In response to the January 16 Perspectives column by Whitfield Diffie, "":
While I find Diffie's core argument--that secrecy does not equal security--to hold water, I find that a couple of his analogies don't. His premise is valid, but his final assertion--that a "no secrets" approach to security is the best approach--is fatally flawed.
First and foremost, automotive manufacturing has never even approached being "open-source." Manufacturers repeatedly engaged in practices, now and in the past, to stifle precisely the behavior Diffie suggests. For example, in order to remove some parts on my very first car, I had to purchase special screwdrivers patented by the auto manufacturer, made by the manufacturer, and sold only by the manufacturer at a ridiculous price--thus ensuring only manufacturer-authorized service people could work on (its cars).
In the area of automotive repair and safety in our post-Corvair age, I think Ralph Nader would have a thing or two to say about manufacturers' tracking (the) repair history (of their car models). This isn't to improve quality, as is the case with responsible software parties, but rather to calculate liability and planned obsolescence. There are likely hundreds of safety and efficiency enhancements that could be made to automobiles today that are intentionally withheld; this would likely never happen in open source. For example, look how long it took for airbags to become available in automobiles, compared with when they were first developed. In point of fact, recalls and service bulletins are enforced and tracked by the National Transportation Safety Board, not by manufacturers.
Second, the blanket statement that secrets are undesirable in security is an assertion that is inherently flawed, even in the area of cryptography. Why bother with passphrases/secret keys in peer-to-peer (systems)? Even our government, in its Trusted System Evaluation Criteria, mandates that passwords be kept secret--even from administrators. And while our U.S. standard encryption mechanism might be a well-known model, I daresay some defense agencies will keep their implementations of it plenty secret.
The inherent flaw in the "no secrets" security mentality is that the delay between flaw discovery and flaw repair is just wide enough, sometimes, for someone to drive a truck through, or crash a plane into, and only secrecy creates a sufficient delay to bridge the gap.
J. Scott Bushey