[Full-Disclosure] Re: Response to comments on Security and Obscurity

[gadgeteer@xxxxxxxxxxxxxxxxxxxxxx]

On Wed, Sep 01, 2004 at 11:27:17AM -0400, Peter Swire (peter@xxxxxxxxxxxxxx) 
wrote:
>       Some responses to the first morning worth of comments.  A big reason for
> posting the paper to Full Disclosure was to make the paper less stupid -- to
> learn from the list.  I've been working on this topic since I left the White
> House in early 2001, where I worked on privacy and computer security issues
> including the Federal Intrusion Detection Network, etc.  A 2001 version of
> the paper needed a lot of work, and is still on the publications page of my
> web site as a work in progress ("What Should be Hidden or Open in Computer
> Security?").  I've presented this stuff quite a few times in front of
> technical audiences since, and continue to seek to improve it.  I continue
> to think that this is an important topic -- for computer security and
> Homeland Security and physical security (especially after all the
> pro-secrecy actions since 9/11), when is secrecy at all justifiable, and
> when instead does it lead to bad security in addition to bad accountability?

Ah...  Well, we all have day jobs.  :-)
If your opinions have as wide an impact as the paragraph above would
indicate.  A more practical and serious critique is called for.

I'm on my way out the door to a meeting in another town so I will have
to get back to you later on this.

cheers,
-- 
Chief Gadgeteer
Elegant Innovations

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html