On Wed, Jul 13, 2011 at 2:01 AM, Ian G <i...@iang.org> wrote: > On 13/07/11 9:25 AM, Marsh Ray wrote: >> >> On 07/12/2011 04:24 PM, Zooko O'Whielacronx wrote: >>> >>> On Tue, Jul 12, 2011 at 11:10 AM, Hill, Brad<bh...@paypal-inc.com> >>> wrote: >>>> >>>> I have found that when H3 meets deployment and use, the reality >>>> too often becomes: "Something's gotta give." We haven't yet found >>>> a way to hide enough of the complexity of security to make it >>>> free, and this inevitably causes conflicts with goals like >>>> adoption. >>> >>> This is an excellent objection. I think this shows that most crypto >>> systems have bad usability in their key management (SSL, PGP). People >>> don't use such systems if they can help it, and when they do they >>> often use them wrong. >> >> But the entire purpose of securing a system is to deny access to the >> protected resource. > > And that's why it doesn't work; we end up denying access to the protected > resource. > > Security is just another function of business, it's not special.
Unless of course, your business IS (all about) security. :D > The purpose of security is to improve the profitability of the resource. > Protecting it is one tool to serve security & profits, and re-engineering it > so it doesn't need any protection is another tool... There are many such > tools :) I disagree with this statement and think it is an overgeneralization. At its core, security is about "ensuring trust" and "managing risk", not about improving the profitability of the resource. Protecting a resource certain is a component of it, but IMO, it is way too far reaching to state that this is "the purpose" of security. -kevin -- Blog: http://off-the-wall-security.blogspot.com/ "The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in; we're computer professionals. We *cause* accidents." -- Nathaniel Borenstein _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography