[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
ADMIN: on penet and on paranoia
Paranoia is cryptography's occupational hazard.
Recently there has been a small rash of complaints about unwanted
assignment of penet pseudonyms. The first reported was simply a
description, the most recent assumed that the assignment was the
result of someone trying to find out mappings in the penet database.
This clear illustration of paranoia setting in demonstrates the nature
of the hazard. The effect of paranoia is self-delusion of the
following form--that one's possible explanations are skewed toward
malicious attacks, by individuals, that one has the technical
knowledge to anticipate. This skewing creates an inefficient
allocation of mental energy, it tends toward the personal, downplaying
the possibility of technical error, and it begins to close off
examination of technicalities not fully understood.
Those who resist paranoia will become better at cryptography than
those who do not, all other things being equal. Cryptography is about
epistemology, that is, assurances of truth, and only secondarily about
ontology, that is, what actually is true. The goal of cryptography is
to create an accurate confidence that a system is private and secure.
In order to create that confidence, the system must actually be
secure, but security is not sufficient. There must be confidence that
the way by which this security becomes to be believed is robust and
immune to delusion.
Paranoia creates delusion. As a direct and fundamental result, it
makes one worse at cryptography. At the outside best, it makes one
slower, as the misallocation of attention leads one down false trails.
Who has the excess brainpower for that waste? Certainly not I. At
the worst, paranoia makes one completely ineffective, not only in
technical means but even more so in the social context in which
cryptography is necessarily relevant.
The problem with assignment of penet ID's was not due to any malicious
intervention, but rather someone subscribing to the list with a penet
address. Since the list doesn't alter the headers much at all, the
originator of a list message is sending indirectly to penet, forwarded
through toad. I've swapped the address so this shouldn't happen again.