What do you use PGP/SMIME for?

Von Fugal von at fugal.net
Sat May 10 10:31:44 MDT 2008


<quote name="Nicholas Leippe" date="Fri,  9 May 2008 at 14:42 -0600">
> The security of the penultimate item could be argued at length. It requires a 
> bit of motivation to search for the key, since it isn't common knowledge that 
> it's available, but given the motivation, the effort isn't necessarily all 
> that high to use the door--and the means to do so are *outside* of the 
> secured area, and unprotected. For a person that has insufficient motivation, 
> its security could be rated the same as of the last item--it's just as strong 
> of a 'deterrent'. But, for a person motivated to finding the means, it holds 
> no strength, thus is 'not secure'.
> 
> The others, because anyone can readily bypass, I consider 'not secure', 
> regardless of whether some people might still be deterred by what little 
> effort may still be required.

OK, here's the thing, security is ALWAYS a spectrum. As you have eluded,
there is a spectrum of motivation vs a spectrum of security measures.
You cannot say that ANYTHING is "secure". Such a thing simply does not
exist, and by extension "insecure" doesn't exist either, only the
spectrum of more secure and less secure exists. So you mach your secure
spectrum against the motivation spectrum (and risk and cost). DVDCSS
does a horrible job of matching security measures to motivation levels,
then again, they stop a lot of lay persons. Perhaps they are just taking
the "throw a bucket of mud and see how much sticks" approach, putting
moderate cost into the system, and gleaning the low hanging fruit, maybe
they really don't care enough to secure against the real hostiles...
maybe they want to ensure they still have people to sue... that's all
moot, the real point is it's ALWAYS a spectrum. You might be able to
define "insecure" as a poor match of security vs. motivation, but that's
as far as I would take it.

Here's a case in point. I once was acquainted with a doorway with no
door at all. Instead of a door was a sheet. If the sheet was closed
nobody went in, if it was open you went in if you so desired. This level
of security was completely sufficient for the situation. How is that
possible you ask? Well, the doorway was to a bathroom. Nobody wants to
walk in on someone in the bathroom. That is unless you wanted to dump a
picture of ice water on your brother in the shower. hahaha But if you
wanted to do that you could (or at least I could) overcome any bathroom
door lock.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://plug.org/pipermail/plug/attachments/20080510/d4646aba/attachment.bin 


More information about the PLUG mailing list