Lothar Scholz wrote:
> SJ> Lothar Scholz wrote:
> 
>>>The first rule of security is not to talk about security.
> 
> 
> SJ> Precisely the opposite:
> 
> For academics: yes.
> For practical use: no.

Sorry, that's just wrong. I'm not an academic, and what I know about 
security is largely shaped by interacting with experts from large 
commercial providers and consumers of security technology (e.g., IBM and 
Wall Street).

For an amusing counterexample, see Secure Digital Music Initiative and 
Felten v. RIAA.

But let me put the burden of proof back on you. Can you name a single 
acknowledged security expert who says "the first rule of security is not 
to talk about security". I can find plenty who say the opposite.

Steve