[86069] in cryptography@c2.net mail archive
Re: More info in my AES128-CBC question
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Mon Apr 23 08:25:55 2007
Date: Sun, 22 Apr 2007 22:57:40 -0400
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: cryptography@metzdowd.com
Cc: cryptography@mail.gbch.net, David Wagner <daw@cs.berkeley.edu>
In-Reply-To: <nospam-1177285150.88609@joker.gbch.net>

On Mon, 23 Apr 2007 09:39:10 +1000
Greg Black <cryptography@mail.gbch.net> wrote:
> On 2007-04-21, David Wagner wrote:
>
> > If you're sick and you go to a doctor, do you tell the doctor "you'd
> > better come up with some very clear arguments if you want me to
> > follow your advice"? Do you tell your doctor "you'd better build a
> > strong case before I will listen to you"? I would hope not. That
> > would be silly.
>
> Not at all. That would be smart. Blind deference to experts, in any
> field, is just plain stupid.
>
> > Doctors are medical professionals with a great deal of training and
> > expertise in the subject. They can speak with authority when it
> > comes to your health. So why do people with no training in
> > security think that they can freely ignore the advice of security
> > professionals without any negative consequences?
>
> Asking the professionals to make a clear case is not the same as
> freely ignoring them. But blindly following those who speak with
> authority leads to all sorts of nonsensical outcomes.
>
> If we are consulting an expert, it behoves us to examine the expert's
> reasoning. If we are the experts, we should expect to have to explain
> ourselves to those who rely on us -- and we should volunteer those
> explanations rather than making people drag them out of us.

Sure -- but remember that in general, *you don't know as much as the
expert*. It's relatively easy to learn the basic facts; however,
learning *judgment* is a lot harder -- and that's what you're really
paying the expert for.

--Steve Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List