Re: CIA - the cryptographer's intelligent aid?

2004-01-07 Thread Anton Stiglic
The thing about CIA is that it is commonly used in security (not
courses to mean Confidentiality, Integrity (of systems) and Availability
of Authentication).  Availability of systems, services and information.

For crypto I always talked about CAIN or PAIN (like in no PAIN
no gain, or cryptography is allot of PAIN).  -- note, I also prefer the word
Confidentiality over Privacy, the latter being to high level and I usually
it to mean the hiding of who is communicating with who (anonymity

When introducing digital signatures I always state that they provide
(as do MACs, which I introduce beforehand) but also the possibility of
non-repudiation.  And then I go on stating that it is very hard, if not
to in fact implement non-repudiation.


The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

CIA - the cryptographer's intelligent aid?

2003-12-28 Thread Ian Grigg
Richard Johnson wrote:
 On Sun, Dec 21, 2003 at 09:45:54AM -0700, Anne  Lynn Wheeler wrote:
  note, however, when I did reference PAIN as (one possible) security
  taxonomy  i tended to skip over the term non-repudiation and primarily
  made references to privacy, authentication, and integrity.
 In my eperience, the terminology has more often been confidentiality,
 integrity, and authentication.  Call it CIA if you need an acronym easy
 to memorize, if only due to its ironic similarity with that for the name of
 a certain US government agency. :-)

I would agree that CIA reins supreme.  It's easy to
remember, and easy to teach.  It covers the basic
crypto techniques, those that we are sure about and
can be crafted simply with primitives.

CIA doesn't overreach itself.  CAIN, by introducing
non-repudiation, brings in a complex multilayer
function that leads people down the wrong track.

PAIN is worse, as it introduces Privacy instead of
Confidentiality.  The former is a higher level term
that implies application requirements, arguably, not
a crypto term at all.  At least with Confidentiality
it is possible to focus on packets and connections
and events as being confidential at some point in
time; but with Privacy, we are launched out of basic
crypto and protocols into the realm of applications.


The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]