Richard Johnson wrote: > > On Sun, Dec 21, 2003 at 09:45:54AM -0700, Anne & Lynn Wheeler wrote: > > note, however, when I did reference PAIN as (one possible) security > > taxonomy .... i tended to skip over the term non-repudiation and primarily > > made references to privacy, authentication, and integrity. > > In my eperience, the terminology has more often been "confidentiality, > integrity, and authentication". Call it CIA if you need an acronym easy > to memorize, if only due to its ironic similarity with that for the name of > a certain US government agency. :-)
I would agree that CIA reins supreme. It's easy to remember, and easy to teach. It covers the basic crypto techniques, those that we are sure about and can be crafted simply with primitives. CIA doesn't overreach itself. CAIN, by introducing non-repudiation, brings in a complex multilayer function that leads people down the wrong track. PAIN is worse, as it introduces Privacy instead of Confidentiality. The former is a higher level term that implies application requirements, arguably, not a crypto term at all. At least with Confidentiality it is possible to focus on packets and connections and events as being confidential at some point in time; but with Privacy, we are launched out of basic crypto and protocols into the realm of applications. iang --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
