On Friday 09 May 2008, Andrew Jorgensen wrote: > On Fri, 2008-05-09 at 14:42 -0600, Nicholas Leippe wrote: > > a) an open doorway > > b) a door without a lock > > c) a door with a broken lock > > d) a door with a lock, but the key is 'hidden' under the mat, which fact > > is common knowledge > > e) a door with a lock, and the key is 'hidden' under the mat, which fact > > is not common knowledge > > f) a door with a lock > > I was gonna reply. In fact I did but I just erased it because I > realized you're arguing about a linear scale vs. a logarithmic scale and > that's JUST PLAIN DUMB. I'm not going to participate in another > big-endian vs little-endian debate.
No, I'm not. I'm saying that there _is no scale_ until you actually have security in place. It's a linear scale, shifted to the right--and the question is how do we define where to put the y-intercept? Here's a definition of security from wikipedia, which surprisingly to me, fits nearly exactly with what I've had in mind: "A condition that results from the establishment and maintenance of protective measures that ensure a state of inviolability from hostile acts or influences." Notice that it requires: 1) protective measures which are specifically for the purpose of: 2) "ensuring" that no "hostile acts or influences" enter It says nothing about acts or influences that are not specifically hostile. It says nothing about protective measures designed for anything less than "ensuring" against hostile acts or influences. So the meandering fool that might walk in is of no concern. Furthermore, until there is a protective measure that fulfills (2), there is no security of which to even talk about. Notice that it also uses the word "ensure"--not just "deter" from trying, but to ultimately prevent the possibility of success. If you want to include the concept of "keeping out meandering fools that have no hostile intent" in the bottom of your security scale, I guess that's one way of defining security--but I don't think that way. The open doorway with armed guards was a good point. That most certainly counts as a "protective measure". It's not a lock, but it's even more effective since lethal force will most definitely ensure against hostile admittance. So, "how secure" is something? Using the definition above it only regards how well it prevents people that do have hostile intent from succeeding. This is why I say that dvd css, or the door with the key on the outside, are absolutely not secure, because anyone with hostile intent can walk right in. Regardless of the meandering fools that they might deter, they still do nothing to "ensure" that the "hostiles" can't enter. If you want to simply talk about how well something deters people without any hostile intent, I suggest that we're no longer talking about security at all. Instead, we're talking about creating inconvenience for the curious. I don't have a label for that, but I think that's the distinction that I've been trying to make. This "inconvenience" has a scale, but it is not on the same chart as the security scale. You could create a chart that is a function of both--but the ordinate would not be "security", it would be something else. /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
