Re: "Historic" is wrong

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Jan 6, 2025 at 10:50 PM Theodore Ts'o <tytso@xxxxxxx> wrote:
Sorry, when I was going through my e-mail, I rolled my eyes and
deleted the thread from SAAG as being (IMHO) an amazingly pointless
waste of time, so I didn't bother replying.  When I saw another
proposal where people were spending a lot of time arguing about a
global search and replace of one set of terms for another on the IETF
list, I didn't realize that the two threads were on different threads,
and so I replied to the second thread mentioning the MITM debate on
the saag list.

As I concluded from the other thread:

> The bottom line is we need to ask the question of whether the benefits
> are larger than the costs of making terminology changes, and in my
> opinion for both of these cases, the answer is "no".

With all due respect, I find that approach misses what the IETF is about, which is providing clear and accurate descriptions of Internet protocols.

Security is hard because it involves people. There never was a computer that committed a crime, it is always people who use computers to perform attacks. And having precise language with a widely shared meaning to describe the abilities of attackers is critical to developing a defense.

Some of you might remember that Mallet used to be called 'Mallory'. Rivest changed the name after my friend John Mallory attended one of Rivest's cryptography reading group meetings. He didn't need to be asked either.

The anthropomorphizing of attacks might seem cute but it leads to sloppy thinking and sloppy thinking leads to vulnerabilities and what is often worse, overly engineered solutions that are great in theory but unworkable in practice meaning (almost) nobody uses them.


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux