[Previous] [Next] [Index]
[Thread]
Security via Sounding Impressive
I've notice an interesting pattern in how security mechanisms are named.
On the one hand, we have some security features with very impressive sounding
names:
Certification *Authority*
*Authorization*
*Trusted* Server
*Master* Key
etc.
These words fill most people with awe and good will towards the feature so
named. They also make good channel markers, pointing out the _insecure_ parts
of the system. The effect is to cover up the lack or inadequecy
of a mechanism with invocations that put our brains to sleep. This
is quite lucrative for marketing purposes, but it works on
many designers of security features as well!
On the other hand, when we isolate the actual mechanisms of a system
are in fact mathematically secure, we get names like:
Encryption
Blinding
Message Digest
Mix
Capability
These are just plain, boring words, with no connotation that we should
trust them like we trust our big brother. They just work.
Nick Szabo szabo@netcom.com
Internet Commerce & Security consulting -- e-mail for details