[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security via Sounding Impressive




I've notice an interesting pattern in how security mechanisms are named.
On the one hand, we have some security features with very impressive sounding
names:

Certification *Authority*
*Authorization*
*Trusted* Server
*Master* Key
etc.

These words fill most people (many on this list are exceptions)
with awe and good will towards the feature so named. They also 
make good channel markers, pointing out the _insecure_ parts 
of the system.  The effect is to cover up the lack or inadequecy 
of a mechanism with invocations that put your brain to sleep. This 
is quite lucrative for marketing purposes, but it works on
many designers of security features as well!

On the other hand, when we isolate the actual mechanisms of a system
are in fact  mathematically secure, we get names like:
 
Encryption
Blinding
Message Digest
Mix
Capability

These are just plain, boring words, with no connotation that we should
trust them like we trust our big brother.  They just work.
 
Nick Szabo					[email protected]
Internet Commerce & Security consulting -- e-mail for details