What do you use PGP/SMIME for?

Nicholas Leippe nick at leippe.com
Fri May 9 14:42:54 MDT 2008 

On Thursday 08 May 2008, Von Fugal wrote:
> I dissagree, it's always a spectrum, you simply choose to treat a
> certain portion of the spectrum as one lump, but that doesn't change the
> fact that there is still a spectrum there. You say DVD CSS is "insecure,
> period". Well, I bet it stops some percentage of people from copying
> dvds onto their computers, and that percentage is proportional to the
> work, finding the software in this case.

I realize that this is semantics, but I'd like to understand better how we 
should phrase these things. So, how would you distinguish these items?:

a) an open doorway
b) a door without a lock
c) a door with a broken lock
d) a door with a lock, but the key is 'hidden' under the mat, which fact is
   common knowledge
e) a door with a lock, and the key is 'hidden' under the mat, which fact is
   not common knowledge
f) a door with a lock

If there's merely a doorway, I think we would agree that there is no security 
at all--just walk right through it. Maybe there's a sign that says 'do not 
enter', but I think we'd still agree that that doesn't constitute any actual 
security.

If there's a door without a lock--do you still consider it secure at all?
Just because some people might be too lazy to open it to go in--and that 
amount of effort is thus a 'deterrent'--I still don't consider it secure. 
Anyone with a minimum of motivation can just open it and walk right through.

Similar can be said for a door with a broken lock--which is what dvd css is at 
this point--they just have to open the door. You could argue that dvd css is 
more like (d)--the lock still works but the key is hidden in plain sight, and 
everybody knows it. Fine, but it's hardly any more effort considering that 
anyone that has the minimum of motivation will know that the key is hidden 
right there for anyone to use.

IMO, the only item on the list that qualifies for having any 'degrees' of 
security is the last one. The security is rated by the strength of the door, 
the jam, the strike plate, and the bolt, by the design of the mechanism, and 
whether it has a window nearby, etc.  The mechanism is in place, in tact, in 
use, and the means to bypass it do not lie insecurely outside.

The security of the penultimate item could be argued at length. It requires a 
bit of motivation to search for the key, since it isn't common knowledge that 
it's available, but given the motivation, the effort isn't necessarily all 
that high to use the door--and the means to do so are *outside* of the 
secured area, and unprotected. For a person that has insufficient motivation, 
its security could be rated the same as of the last item--it's just as strong 
of a 'deterrent'. But, for a person motivated to finding the means, it holds 
no strength, thus is 'not secure'.

The others, because anyone can readily bypass, I consider 'not secure', 
regardless of whether some people might still be deterred by what little 
effort may still be required.

I think the line is hard to quantify, but I still think it's there. To get 
through a door with a lock requires picking the lock, circumventing the 
entire doorway (a different way in), or somehow breaking the door or the 
mechanism. This is quite a bit different and more involved than the work 
required to bypass the other items.

I think the penultimate item really shows where there is room to discuss.
In it's case the security rating is dependent on the person--whether they are 
motivated enough or not. I see three factors:
- the deterrent strength of the actual item (door, mechanism)--how difficult
  is it to pass without the actual intended means to do so
- the availability of the means to pass it--can the key be obtained easily,
  is the lock broken, or is it not even locked...
- the type of person--motivated to get past it or not.

So how then, do we define how 'secure' something is?
- Is it the strength of the actual physical deterrent?
- Is it the likelyhood of obtaining the means to bypass it/how much effort
  is required to do so?
- Is it the percentage of people motivated enough to perform the effort to
  get past it?

Or, is it some combination, and if so, in what proportion?

I would think that security is irrelevant in regards to the people that have 
no desire/insufficient motivation to trespass. It was mentioned earlier that 
some people that would otherwise just walk right in could be deterred by just 
a door--it's too much effort. I would say that they are not malicious in the 
first place--otherwise they would have the motivation to try harder. For them, 
even a sign might be enough. So, just because a large number of people might 
otherwise wander in to copying a dvd to their pc, where css prevents them and 
they go no further, I do not see that as an argument for css providing any 
degree of security. A deterrent, yes, but not security.

I think there's a difference between deterring and securing. For me:

Deterring means that there is greater than 0 effort involved in obtaining 
access--but does nothing to segregate who 'can' put forth the effort.

Securing means that some actual 'means' that only authorized people should 
possess or be capable of is ordinarily required for access.

Securing thus provides a means of deterring all but a specific set of 
authorized people, whereas deterring alone doesn't segregate who 'should' get 
access--only who 'can', and only does so by their own motivations--not by any 
mechanism.

Perhaps I'm not describing what's in my mind very well, but this analogy will 
have to do.

More information about the PLUG mailing list