ADMIN: on penet and on paranoia

Eric Hughes hughes at ah.com
Wed May 18 12:46:40 PDT 1994


   Eric Hughes wrote:
   >Paranoia is cryptography's occupational hazard.

   Yes, that is indeed the nature of it since many of the protocols are
   designed to work amidst mutually distrusting parties.  A degree of
   suspicion/paranoia is necessary - for example, digital cash.  

Paranoia is not necessary for protocol analysis.  While it is not
totally ineffective, it is certainly much less useful than
understanding the invariants of the protocol, for example.  Proof is
much more powerful than paranoia.

Evaluating the risks of a situation, even the ones of low probability
and large effect, is not paranoia.  The person who considers that
there might be people who want to listen in and uses cryptography
because the cost of deployment is less than the perceived risk (and
all risk is perceived risk) is not paranoid but prudent.  The person
who merely thinks there are people listening in and uses cryptography
to defend against them is just paranoid.

From the outside these two states of mind are difficult to
distinguish.  Both use crypto, both acknowledge the existence of
people who wish to harm other people.  Yet the paranoid has identified
with the victim.  An indicator of paranoia is an unsupported claim
about a state of affairs in which the speaker is a target.  This is
what happened with the penet id assignments; some people implicitly
asserted the existence of malicious individuals.  Those who merely
brought up their _potential_ existence.  The evidence for this
distinction is speech-acts, not the most reliable indicator.

Therefore my advice about paranoia is more directed to individuals
pondering their own states of mind than to the examination of the
behavior of others.  Sometimes you may learn that another person
actually is paranoid.  You cannot, however, usually tell just from the
use of cryptography whether or not a person is paranoid.

To summarize my original claim in light of the foregoing, the paranoid
does not do protocol analysis as well because of a misdirected focus
on certain risks and not others.

   example, a non-suspicious person may be tricked into digitally signing
   anything (by getting them to sign a blinded document).

And for this reason, keys used for blind-signing should not be the same as
for email signing.  But this is a different discussion.

   I think I follow most of what you are saying; all the same, in this
   case, technical error or not, malicious person or not, the paranoia is
   justified.  

To assert the possible existence of the malign is acknowledgement.  To
assert the possible existence of the malign in some current situation
is suspicion.  To assert the actual existence of the malign without
good evidence is paranoia.

I don't think you use the word "paranoia" as I do above, which I would
term suspicion.

Eric
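
The key-separation point above (a signer who blind-signs with the key also used for email can end up with a valid email signature on a document never seen), as an added example that is not part of the original message. It assumes textbook RSA over a SHA-256 digest; the toy keys, the sample document and all function names are constructed for illustration.

```python
import hashlib

def make_key(p, q, e=65537):
    """Build a toy RSA key from two primes (constructed; far too small for real use)."""
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

# Two independent key pairs, as the message recommends (Mersenne primes, illustration only).
EMAIL_KEY = make_key(2**61 - 1, 2**31 - 1)
BLIND_KEY = make_key(2**89 - 1, 2**19 - 1)

def digest(msg, n):
    """Hash the message and reduce it into the RSA group."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def verify(msg, sig, key):
    """Ordinary signature check, using only the public part of the key."""
    return pow(sig, key["e"], key["n"]) == digest(msg, key["n"])

def blind(msg, r, key):
    """Requester hides the digest behind r^e; the signer cannot read it."""
    return digest(msg, key["n"]) * pow(r, key["e"], key["n"]) % key["n"]

def sign_blinded(value, key):
    """Signer's private-key operation on an opaque value."""
    return pow(value, key["d"], key["n"])

def unblind(sig, r, key):
    """Requester strips r, leaving digest^d: a plain signature on msg."""
    return sig * pow(r, -1, key["n"]) % key["n"]

def blind_round(msg, r, signing_key):
    """One full blind-signing round; returns (value the signer saw, final signature)."""
    seen = blind(msg, r, signing_key)
    return seen, unblind(sign_blinded(seen, signing_key), r, signing_key)

if __name__ == "__main__":
    doc = b"constructed sample document the signer never reads"
    r = 123456789  # blinding factor, coprime to both moduli
    # Same key for blind-signing and email: the result passes the email check.
    seen, sig = blind_round(doc, r, EMAIL_KEY)
    print("shared key, verifies as email signature:", verify(doc, sig, EMAIL_KEY))
    # Separate blind-signing key: the result means nothing under the email key.
    seen, sig = blind_round(doc, r, BLIND_KEY)
    print("separate key, verifies as email signature:", verify(doc, sig, EMAIL_KEY))
    print("separate key, verifies under blind key:", verify(doc, sig, BLIND_KEY))
```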





