Richard Johnson wrote:
On Sun, Dec 21, 2003 at 09:45:54AM -0700, Anne Lynn Wheeler wrote:
note, however, when I did reference PAIN as (one possible) security
taxonomy i tended to skip over the term non-repudiation and primarily
made references to privacy, authentication, and integrity.
In my eperience, the terminology has more often been confidentiality,
integrity, and authentication. Call it CIA if you need an acronym easy
to memorize, if only due to its ironic similarity with that for the name of
a certain US government agency. :-)
I would agree that CIA reins supreme. It's easy to
remember, and easy to teach. It covers the basic
crypto techniques, those that we are sure about and
can be crafted simply with primitives.
CIA doesn't overreach itself. CAIN, by introducing
non-repudiation, brings in a complex multilayer
function that leads people down the wrong track.
PAIN is worse, as it introduces Privacy instead of
Confidentiality. The former is a higher level term
that implies application requirements, arguably, not
a crypto term at all. At least with Confidentiality
it is possible to focus on packets and connections
and events as being confidential at some point in
time; but with Privacy, we are launched out of basic
crypto and protocols into the realm of applications.
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]