From: iw@all.net
Subject: IW Mailing List iw/951231
---------------------------------------------
Date: Sat, 30 Dec 1995 18:57:08 -0600
From: Walter Auch 
Subject: Re: IW Mailing List iw/951230

At 19:23 12/30/95 EST, IW wrote:

>HOWEVER - this is now becoming a semantics issue rather than an IW issue
>(or even a technical issue) - let's agree to saying that effective
>non-physical information protection usually depends, at some level, on
>something being kept obscure.]

It always WAS a semantics issue, but if we allow your arguement to again
be taken down still another level, you would see that although the keys
have vulnerability associated with them, no one is keeping the fact that
keys DO have vulnerability a secret. 
---------------------------------------------
From:
C4I-Pro-Digest           Saturday, 30 December 1995     Volume 02 : Number 084
...
Date: Sat, 30 Dec 1995 22:30:27 -0600
From: Monte Turner 
Subject: WWW Site - E-HAWk Cadre - http://www.olcommerce.com/cadre/index.html

It is my proud duty to announce the emergence of a remarkable new site on
the World Wide Web, and one you will all want to visit - E-HAWK Cadre
(http://www.olcommerce.com/cadre/index.html).

This site represents the confederation of De re militari, MIL-HIST, and
E-HAWK, ...  each the consummate Web Site in its own area of expertise. 

We have combined the overlapping areas of the these three sites,
allowing the strengthening of the core elements of each independent
site.  What arises from this brilliant stroke is the absolute central
web site for accessing all areas of current and historical military
information! If you are interested in any of the following areas you
HAVE to visit the E-HAWK Cadre:
	http://www.olcommerce.com/cadre/index.html
----------------------------------------------
From: peter@nmti.com (Peter da Silva)
Subject: Re: IW Mailing List iw/951228
Date: Sun, 31 Dec 1995 14:36:28 -0600 (CST)

> Try to name some type of info-sec that is effective and doesn't depend
> on anything physical and yet does not involve obscuring anything in any
> way.  The reason you can't do it is because other than some physical
> attributes, one bit is the same as another.  Unless you can keep me away
> physically, the only option is to keep me from knowing the right bits -
> and that is security through obscurity. ...

Security through obscurity doesn't refer to some generic "secret".  It
refers to depending on the secrecy of implementation details, that are
hard to change. 

Passwords and the like can be changed quickly and routinely.

The fact that anyone can issue a "cancel" by forging the sender's
address is security through obscurity.  Once the obscurity is gone, you
can't restore the security without changing procedures.  If they were
PGP- keyed (or something similar) you would just have to change the key
if your key was compromised. 
---------------------------------------------