undefined | Better HN

0 pointstptacek16y ago0 comments

You'll note that I didn't comment on his post about Gentry's homomorphic encryption scheme, for two reasons: (1) homomorphic encryption is a very boring topic, and (2) I don't feel like I have an authoritative argument for Schneier not being qualified to talk about it. Having dispensed with the straw man in your second graf, I'll take the 1st and 3rd in order.

I have been interviewed by reporters. And I have, in fact, made lots of mistakes with them. Security researchers are unnaturally attractive to trade reporters, and there's business value in cultivating contacts with them, and I've definitely let that process run too far in the past.

So, a mistake is a mistake. And thus, regarding your first graf, two responses:

(1) I stand by my original argument that Schneier doesn't appear to be close enough to Chrome OS security to comment on it, and his comments appear to misconstrue what Chrome OS is aiming for, and

(2) I stand by my original argument that this is an example of Schneier's business objective of inserting himself into every conversation about computer security again coming at a cost of his credibility.

Finally, you want to understand my need to pull Schneier down. I don't care if he's smart. I care that he's a guru. He's listened to uncritically by lay professionals, and his opinions about the problems they face are often not valuable. I'll add that Schneier's reputation in cryptography --- a field I am not a part of --- is not ironclad. If you want to stick up for a scientist, start with their citation record. Let us know what you find.

0 comments

2 comments · 1 top-level

alexgartrell16y ago· 1 in thread

Don't you kind of think homomorphic encryption is a big deal for what it allows? I mean, at it's core, running arbitrary computation on encrypted data for the later consumption of the decrypter is a very big deal, and can be a Cloud game-changer.

Schneier may not be the world's greatest guru, but he knows a lot and he writes well, which makes his opinion more relevant on average than almost anyone else's. If you want a similar amount of "street cred", write a book.

No seriously, I'd read a book by you guys, just write it, please.

tptacekOP16y ago

I start caring about crypto (and security) when it gets deployed in the real world, so I can break it. We ship a product, but for the most part, I am myself a professional abuser of software. So there you go, re: homomorphic encryption.

As regards "street cred", look, you can assign whatever credibility you want to the guy. I'm telling you, from the trenches, you are often going to be worse off for basing decisions based on what he says. Sure, you'll say, you don't base decisions off what some random pundit on the Internet says, and I say to you, "good on ya". But lots of people do, and so taking the piss out of him is a noble enterprise in my view.

And I am all about the nobility.

j / k navigate · click thread line to collapse