[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: I-D ACTION:draft-yamamoto-v6tc-security-considerations-00.txt
Hi Jordi,
> 3 ... It may be better to use instead of adversary "malicious user" or
> something else ? I mean adversary may seem as "business competitor" or
> have
> other connotations, which I guess are not the intended ones ?
The best definition of security I have seen in this context is due to Oded
Goldreich, who says, roughly, that, "Security is about making protocols
robust against anyone who tries to make them deviate from their intended
behavior."
"Malicious," to me, means bad or evil, which involves a value judgment. It
could be that the one running the protocol is bad, and the one disrupting
the protocol is good, or there may be legitimate difference of opinion
about which party is good or bad.
"Malicious" also has an unfortunate connotation in some security
literature, whereby a "passive adversary" only observes the protocol and a
"malicious adversary" actively disrupts it. I dislike this usage, but it
nevertheless exists.
So IMHO, "malicious" has more connotative baggage than "adversary." If you
don't like "adversary," then maybe "attacker?"
Regards, Richard