Security via Sounding Impressive

• To: www-security@ns2.rutgers.edu
• Subject: Security via Sounding Impressive
• From: szabo@netcom.com (Nick Szabo)
• Date: Thu, 16 Nov 1995 20:04:01 -0800 (PST)

I've notice an interesting pattern in how security mechanisms are named.
On the one hand, we have some security features with very impressive sounding
names:

Certification *Authority*
*Authorization*
*Trusted* Server
*Master* Key
etc.

These words fill most people with awe and good will towards the feature so 
named. They also make good channel markers, pointing out the _insecure_ parts 
of the system.  The effect is to cover up the lack or inadequecy 
of a mechanism with invocations that put our brains to sleep. This 
is quite lucrative for marketing purposes, but it works on
many designers of security features as well!

On the other hand, when we isolate the actual mechanisms of a system
are in fact  mathematically secure, we get names like:
 
Encryption
Blinding
Message Digest
Mix
Capability

These are just plain, boring words, with no connotation that we should
trust them like we trust our big brother.  They just work.
 
Nick Szabo					szabo@netcom.com
Internet Commerce & Security consulting -- e-mail for details

• Previous: Re: mail port [Off Topic]
• Next: Re: mail port [Off Topic]
• Index(es):
  • Index
  • Thread