[cryptography] preventing protocol failings

dan at geer.org dan at geer.org
Wed Jul 13 06:43:20 EDT 2011

Marsh wrote:
 | Everyone here knows about the inherent security-functionality
 | tradeoff.  I think it's such a law of nature that any control
 | must present at least some cost to the legitimate user in order
 | to provide any effective security. However, we can sometimes
 | greatly optimize this tradeoff and provide the best tools for
 | admins to manage the system's point on it.

I'll certainly agree that security cannot be made free,
on the obvious grounds that security's costs are decision
making under uncertainty plus enforcement of those decisions.

Clearly, the most cost effective security involves voluntary
avoidance: rejecting HTML e-mail, not parking your data on
machines you can never see, eschewing technologies that compile
a dossier on you, etc.  As of now, you (as a person) can still
control your attack surface.  When the time comes that you can
no longer do so...


More information about the cryptography mailing list