EM-nature (was: infra-org)

[brian carroll]

(now i realize i likely misread, strange-read/reply-functioned your post,
not quite or completely grokking the distinction between crypt.crypto
and implementation, separation or distancing of these though still the
relation to nature itself as example appears retained, as if providing
proof-of-concept and demonstration models for how to go about it,w
watching various creatures, ecosystems, crystals, particle dynamics)


John Young <jya at pipeline.com> wrote:

> The earliest and most enduring form of infosec -- crypt-crypto --
> is non-EM, non-language, non-homo-erectus. Current versions contain
> vestigals of those primitives in what is disingenuously termed
> implementation. And it is in implementation where most comsec
> failures occur and where most successes succeed. Code is
> closer to whistling in the dark, baying at the moon, offering newborns
> to hungry wolves.
>
> Implementation is 99.99+% of infosec-comsec, perhaps 100%.
> Code hardly scratches the surface and might be constructively
> seen as a ruse, a strategem, concocted and promoted to delude.
>
> Delusion is the prime purpose of implementation. Code inebriation
> creates phantasms of security by ignoring signs of predators
> aprowl where coders live, work, sleep, chat OTR and post.
>
> David Kahn, among others, amply desribes the range of
> implementation, its short-term successes and long-term
> delusions. Nothing finer in Carolina than belief in an
> invulnerable cryptosystem. Less noticed is the effectiveness
> of promulgating an invulnerable comsec or cryptosystem to
> encourage widespread use. As seen today, not only in the
> fantastic rise of the comsec industry but also in the frantic
> efforts to keep the ball rolling to counter Snowden's
> disclosures of delusion.