What do you use PGP/SMIME for?

Nicholas Leippe nick at leippe.com
Fri May 9 14:42:54 MDT 2008


On Thursday 08 May 2008, Von Fugal wrote:
> I disagree, it's always a spectrum, you simply choose to treat a
> certain portion of the spectrum as one lump, but that doesn't change the
> fact that there is still a spectrum there. You say DVD CSS is "insecure,
> period". Well, I bet it stops some percentage of people from copying
> dvds onto their computers, and that percentage is proportional to the
> work, finding the software in this case.

I realize that this is semantics, but I'd like to understand better how we 
should phrase these things. So, how would you distinguish these items?:

a) an open doorway
b) a door without a lock
c) a door with a broken lock
d) a door with a lock, but the key is 'hidden' under the mat, which fact is
   common knowledge
e) a door with a lock, and the key is 'hidden' under the mat, which fact is
   not common knowledge
f) a door with a lock

If there's merely a doorway, I think we would agree that there is no security 
at all--just walk right through it. Maybe there's a sign that says 'do not 
enter', but I think we'd still agree that that doesn't constitute any actual 
security.

If there's a door without a lock--do you still consider it secure at all?
Just because some people might be too lazy to open it to go in--and that 
amount of effort is thus a 'deterrent'--I still don't consider it secure. 
Anyone with a minimum of motivation can just open it and walk right through.

Similar can be said for a door with a broken lock--which is what dvd css is at 
this point--they just have to open the door. You could argue that dvd css is 
more like (d)--the lock still works but the key is hidden in plain sight, and 
everybody knows it. Fine, but it's hardly any more effort considering that 
anyone that has the minimum of motivation will know that the key is hidden 
right there for anyone to use.

IMO, the only item on the list that qualifies for having any 'degrees' of 
security is the last one. The security is rated by the strength of the door, 
the jamb, the strike plate, and the bolt, by the design of the mechanism, and 
whether it has a window nearby, etc.  The mechanism is in place, intact, in 
use, and the means to bypass it do not lie insecurely outside.

The security of the penultimate item could be argued at length. It requires a 
bit of motivation to search for the key, since it isn't common knowledge that 
it's available, but given the motivation, the effort isn't necessarily all 
that high to use the door--and the means to do so are *outside* of the 
secured area, and unprotected. For a person that has insufficient motivation, 
its security could be rated the same as of the last item--it's just as strong 
of a 'deterrent'. But, for a person motivated to find the means, it holds 
no strength, thus is 'not secure'.

The others, because anyone can readily bypass, I consider 'not secure', 
regardless of whether some people might still be deterred by what little 
effort may still be required.

I think the line is hard to quantify, but I still think it's there. To get 
through a door with a lock requires picking the lock, circumventing the 
entire doorway (a different way in), or somehow breaking the door or the 
mechanism. This is quite a bit different and more involved than the work 
required to bypass the other items.

I think the penultimate item really shows where there is room to discuss.
In its case the security rating is dependent on the person--whether they are 
motivated enough or not. I see three factors:
- the deterrent strength of the actual item (door, mechanism)--how difficult
  is it to pass without the actual intended means to do so
- the availability of the means to pass it--can the key be obtained easily,
  is the lock broken, or is it not even locked...
- the type of person--motivated to get past it or not.

So how then, do we define how 'secure' something is?
- Is it the strength of the actual physical deterrent?
- Is it the likelihood of obtaining the means to bypass it/how much effort
  is required to do so?
- Is it the percentage of people motivated enough to perform the effort to
  get past it?

Or, is it some combination, and if so, in what proportion?

I would think that security is irrelevant in regards to the people that have 
no desire/insufficient motivation to trespass. It was mentioned earlier that 
some people that would otherwise just walk right in could be deterred by just 
a door--it's too much effort. I would say that they are not malicious in the 
first place--otherwise they would have the motivation to try harder. For them, 
even a sign might be enough. So, just because a large number of people might 
otherwise wander in to copying a dvd to their pc, where css prevents them and 
they go no further, I do not see that as an argument for css providing any 
degree of security. A deterrent, yes, but not security.

I think there's a difference between deterring and securing. For me:

Deterring means that there is greater than 0 effort involved in obtaining 
access--but does nothing to segregate who 'can' put forth the effort.

Securing means that some actual 'means' that only authorized people should 
possess or be capable of is ordinarily required for access.

Securing thus provides a means of deterring all but a specific set of 
authorized people, whereas deterring alone doesn't segregate who 'should' get 
access--only who 'can', and only does so by their own motivations--not by any 
mechanism.

Perhaps I'm not describing what's in my mind very well, but this analogy will 
have to do.







More information about the PLUG mailing list