11 March 2015
The principles of data security design
Date: Wed, 11 Mar 2015 21:08:51 +0000
From: Peter Fairbrother <zenadsl6186[at]zen.co.uk>
To: Ladar Levison <ladar[at]lavabitllc.com>, Cryptography Mailing List <cryptography[at]metzdowd.com>
Subject: Re: [Cryptography] DIME // Pending Questions // Seeking Your Input
The principles of data security design:
First Principle: If data isn't collected, it can't be stolen.
Second Principle: Only people you trust can betray you. The rest are just
out to get you.
Third Principle: Never underestimate the attention, risk, money and time
that an opponent will put into reading traffic (Robert Morris).
Fourth Principle: Keep it simple. The more complex it is, the more places
there are to attack.
Fifth Principle: Modes and choices are bad in crypto protocols; they give
users choices they are not qualified to make. It's your job to be clever,
not the user's.
Sixth Principle: A system that's hard to use either doesn't get used, or
it gets misused. Good user interfaces are essential. Users don't RTFM, so
don't expect them to.
Seventh Principle: Leaving holes to let "good governments" in will inevitably
leave holes for others as well. (Jerry Leichter)
Eighth Principle: In code, assume nothing ever really goes away. (Jerry Leichter)