Update to BCP-38?

• Previous message (by thread): Update to BCP-38?
• Next message (by thread): Update to BCP-38?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Oct 08, 2019 at 01:35:16PM +0100, Mike Meredith via NANOG wrote:
> You've ignored step 1 - identifying critical information that needs
> protecting. It makes sense to protect information that needs protecting and
> don't lose sleep over information that doesn't need protecting. Not many of
> us are planning an invasion of a Nazi-infected Europe any time soon.

We are heading toward a restatement of Kerckhoff's principle/Shannon's maxim,
the latter of which can be paraphrased as "design systems assuming that
your adversary will know as much about them as you do".

Not that I'm advocating publishing all internal design documents, but systems
whose security is predicated on the secrecy of those are brittle and likely
to be badly compromised.  Better to assume that enemies know or can find out
everything and design/build accordingly.

---rsk

• Previous message (by thread): Update to BCP-38?
• Next message (by thread): Update to BCP-38?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]