Ian G <[EMAIL PROTECTED]> writes:
> No it's not rocket science - it's economic science.
> It makes no difference in whether the business is
> small or large - it is simply a question of costs. If
> it costs money to do it then it has to deliver a
> reward.
>
> In the case of the backup tapes there was no reward
> to be enjoyed. So they could never justify encrypting
> them if it were to cost any money.

That's a pretty weird view on several levels. 1) There is a substantial reward in not having one's client data compromised. 2) The cost in question is so small as to be unmeasurable.

You keep speaking, Ian, about economic tradeoffs, as though there were a cost/benefit analysis at work here. The truth is, the likely reason no one encrypted the data on the tapes in transit was because no one thought to do it, or they were too lazy to bother to make even the simplest effort, or both.

I don't disagree that security often involves cost benefit tradeoffs. Do you have a human watch a security camera in real time, or simply record its output? Do you permit external access on people's own computers, or force them to use vetted devices for external access that they cannot reconfigure? Do you run Windows on the DMZ application server because it is easier, or a much more secure OS that does not have as rich an application set? Those are complicated situations with real tradeoffs. There is lots of debate you can have about them. They're not trivial situations.

However, you keep mentioning completely *bogus* tradeoffs. Your constant stream of comments to the effect that "security is a cost benefit tradeoff" with respect to things like using SSL or encrypting tapes or what have you would make some sense if there were, in fact, measurable cost involved, or if the benefits were distant and intangible. The benefits, however, are very obvious and large, and the cost is as close to nil as anything gets in business. I understand the point you keep making, but it is not an interesting point, and not even close to correct so far as I can tell.

> Now consider what happens when we change the
> cost structure of crypto such that it is easier to do it
> than not. This is a *hypothetical* discussion of course.
>
> Take tar(1) and change it such that every archive is
> created as an encrypted archive to many public keys.
> Remove the mode where it puts the data in the clear.

Oh, good. Then I can't use tar for most of the purposes I use it for day to day, and all so I can avoid having to put one more command in the pipeline. No thank you.

You want to understand the real problem in security? It isn't your constant mythical attention to "cost". It is human stupidity.

Have a look, for example, at http://www.americanexpress.com/ which encourages users to type in their credentials, in the clear, into a form that came from lord knows where and sends the information lord knows where. Spoof the site, and who would notice?

Every company should be telling its users never to type in their credentials on a web page downloaded in the clear, but American Express and lots of other companies train their users to get raped, and why do they do it? Not because they made some high level decision to screw their users. Not because they can't afford to do things right. It happens because some idiot web designer thought it was a nice look, and their security people are too ignorant or too powerless to stop it, that's why.

It has nothing to do with cost. The largest non-bank card issuer in the world can pay for the fifteen minutes of time it would take to fix it by putting the login on a separate SSL protected page. It has nothing to do with "ease of use" or tools that default "safe". The problem is that they don't know there is anything to fix at a level of the firm that is capable of taking the decision to fix it.

Security these days is usually bad not because good security is expensive, or because it is particularly hard. It is bad because even people at giant multinational corporations with enough budget to spare are too dumb to implement it.

We don't need more encryption algorithms, or replacements for SSL, or fascinating new tools. What we need is more common sense. No amount of new, user friendly, defaults-to-safe tools will prevent American Express, Citibank or anyone else from doing something idiotically dumb.

In case you think the answer is regulation, by the way, let me note that most of the regulatory pressure I've seen on security policy results in people finding extremely well documented ways to do exactly what the regulators ask, to no actual effect. This is generally because the regulators are almost uniformly as dumb or dumber than the people they regulate.

The only thing that will fix this is having enough people get so badly burned that CEOs start taking heads when people do dumb things. I imagine it can't be too many more years before that becomes the case.

Perry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
