Re: [Full-Disclosure] Response to comments on Security and Obscurity

[James Tucker <jftucker@xxxxxxxxx>]

On Thu, 02 Sep 2004 10:02:12 -0400, Barry Fitzgerald
<bkfsec@xxxxxxxxxxxxxxxx> wrote:
> I... tend to agree.  It's a difficult question because analogies are
> useful if the person reading the paper has no point to base their
> opinion off of.  However, I see two problems with this:
> 
> 1) Perhaps a paper of this type shouldn't be considered introductory
> material.  Perhaps the knowledge of the system should be a pre-requisite
> for reading the paper.  Familiarity with the topics should be assumed.
> Discerning between the advantages and disadvantages between disclosure
> and secrecy isn't a small or simple thing and perhaps people without
> that level of familiarity, shouldn't venture directly down that path.
> 
> 2) The above is especially true in the case of influence of public
> policy.  If person shaping public policy is basing their opinion off of
> a (most likely defunct) analogy, we have a major problem.  As I'm sure
> Peter is aware, this is probably more often than not, the rule in the
> shaping of public policy.  It reminds me of the scene in Fahrenheit 9/11
> where they were discussing the fact that the Patriot Act was passed
> without a single legislator reading it.  This scares me a lot.  Of
> course, this increases the need for simplification of the issues so that
> legislators can at least vote with a modicum of knowledge on a subject,
> but thus begins the cycle...
> 
> Perhaps a series of papers is more appropriate, starting with an
> in-depth understanding of the ideologies from the ground level?

I agree.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html