Ed and all,
Ed Gerck wrote:
> Jeff Williams wrote:
>
> > Kent Crispin wrote:
> >
> > > On Sat, Mar 27, 1999 at 11:33:47AM -0800, Ed Gerck wrote:
>
> > > > Of course, some believe that more security justifies less privacy.
> > > > However, it is important to keep in mind that privacy is a long term
> > > > asset, while security is a short-term goal -- and, very volatile. It is
> > > > thus not a good idea to trade privacy for security -- or, you'll lose
> > > > both. And, once lost, privacy is lost for life. This is the paradox of
> > > > privacy versus security, often found in networks of networks as the
> > > > Internet or in intersubjective relations such as age-old commerce and
> > > > organizational structures. For a discussion, also including biometrics
> > > > and other privacy issues, please see http://www.mcg.org.br/faust.htm
> > >
> > > Your analysis is quite flawed. There is no conflict between security
> > > and privacy -- quite the reverse -- and I don't know anyone who feels
> > > that way.
> >
> > I would in part agree with you here Kent. I would state it a bit differently
> > however. There are very few conflicts between security and privacy.
> > This is certainly NOT to say that they do not exist.
>
> Jeff:
>
> I will go even further ... there are ZERO conflicts between privacy and
> security, as there are ZERO conflicts between position and momentum.
> But, you cannot define both as precisely as you wish -- if you want a
> better defined position then you must live with a lesser defined
> momentum.
Precisely correct, and illustrates my point, although more simply put.
>
>
> This example is also called a paradox -- "contrary to expectation", in
> the sense that it possesses seemingly contradictory qualities. Of
> course, security is NOT contradictory to privacy, is not in conflict
> with it and is not an antinomy of it either. But, if you want a better
> defined security then you better reduce the amount of private data you
> allow to be known.
Exactly right again Ed. And this is my point to which I answered or
commented to Kent's illogical statement, which unfortunately he has
a gross propensity for making.
> Conversely, if you want to increase your security
> bar in a transaction, you need to rely on data which the other party
> must relinquish to you and which must be mostly relevant to that
> transaction and not to all others -- you need data private to that
> transaction or, even but not necessarily, private to the other party as
> the guarantor of the transaction [1].
True as well.
>
>
> In mathematical terms, privacy and security are independent conjugate
> variables. There is no conflict at all -- they are fully independent.
> They are not complementary either, nor the negative of the other. And
> yet, one cannot be measured (or, defined) without influencing the other.
Yes. As you recall about 4 years back we had similar discussions
with several on the SSL mailing list...
>
>
> Hope to have made it clearer.
More exacting would be how I would put it... >;)
>
>
> However, the privacy versus security paradox does not occur in two-party
> systems such as in networks, but in networks of networks -- the
> Internet, for example. It is thus one of the metric functions I can use
> to define whether *any system* is a network or a network of networks,
> not an easy task oftentimes (due to implicit trust relationships).
Exactly. And this is something that members of this and the IFWP
list seem to be in short supply of and if memory serves me correctly,
there has never been much of implicit trust shown on these lists
by most of its subscribers.
>
>
> In other words, on the operational level we may perceive that both
> Internet and other organizational structures, as well as commerce in
> various forms, all operate on similar principles of "networks of
> networks" -- which I call intersubjective trust principles [2]. These
> can be abstracted, as [2] indicates, and can serve as a common ground
> for system design. However, if these intersubjective trust issues are
> ignored, then they become even more important in the hands of attackers
> or provide rich grounds for breeding simple bad luck. A fundamental
> dilemma is posed by this situation: either one recognizes and deals with
> the intersubjective trust complications or they become more complicated
> and threaten to overwhelm.
Good points here Ed, quite correct as well...
>
>
> As an example, I will take a system which was not recognized beforehand
> to be a network of networks, so that intersubjective trust issues were
> largely ignored, for +20 years. This system was, and still is, treated
> as a 2-party business -- network-like, not internet-like.
Indeed this has been displayed too many times by many on these lists,
and though many attempts have been made to highlight this it
unfortunately continues to occur, as Kent has projected here. Now we
find that it has crept into the ICANN in some of its policy proposals
such as the Accreditation Policy and the DNSO.
> That system is
> the DNS Registry-Registrar-Registrant system -- which IMO explains why
> the current problems will not go away until this is recognized and
> properly accounted for in the business models *and* protocols, to
> varying degrees of approximation.
>
> But, this is another subject.
>
> Cheers,
>
> Ed Gerck
>
> =============
> REFERENCES:
>
> [1] http://www.mcg.org.br/faust.htm
> [2] http://www.mcg.org.br/trustdef.htm
> _____________________________________________________________________
> Dr.rer.nat. E. Gerck [EMAIL PROTECTED]
Regards,
--
Jeffrey A. Williams
CEO/DIR. Internet Network Eng/SR. Java/CORBA Development Eng.
Information Network Eng. Group. INEG. INC.
E-Mail [EMAIL PROTECTED]
Contact Number: 972-447-1894
Address: 5 East Kirkwood Blvd. Grapevine Texas 75208