Home > Articles > Security > Network Security

  • Print
  • + Share This
This chapter is from the book

1.3 Terminology

Computer science is filled with ill-defined terminology used by different authors in conflicting ways, often by the same author in conflicting ways. We apologize in advance for probably being guilty sometimes ourselves. Some people take terminology very seriously, and once they start to use a certain word in a certain way, are extremely offended if the rest of the world does not follow.

When I use a word, it means just what I choose it to mean—neither more nor less.
—Humpty Dumpty (in Through the Looking Glass)

Some terminology we feel fairly strongly about. We do not use the term hacker to describe the vandals that break into computer systems. These criminals call themselves hackers, and that is how they got the name. But they do not deserve the name. True hackers are master programmers, incorruptibly honest, unmotivated by money, and careful not to harm anyone. The criminals termed "hackers" are not brilliant and accomplished. It is really too bad that they not only steal money, people's time, and worse, but they've also stolen a beautiful word that had been used to describe some remarkable and wonderful people. We instead use words like intruder, bad guy, and impostor. When we need a name for a bad guy, we usually choose Trudy (since it sounds like intruder).

We grappled with the terms secret key and public key cryptography. Often in the security literature the terms symmetric and asymmetric are used instead of secret and public. We found the terms symmetric and asymmetric intimidating and sometimes confusing, so opted instead for secret key and public key. We occasionally regretted our decision to avoid the words symmetric and asymmetric when we found ourselves writing things like secret key based interchange keys rather than symmetric interchange keys.

We use the term privacy when referring to the desire to keep communication from being seen by anyone other than the intended recipients. Some people in the security community avoid the term privacy because they feel its meaning has been corrupted to mean the right to know, because in some countries there are laws known as privacy laws which state that citizens have the right to see records kept about themselves. Privacy also tends to be used when referring to keeping personal information about people from being collected and misused. The security community also avoids the use of the word secrecy, because secret has special meaning within the military context, and they feel it would be confusing to talk about the secrecy of a message that was not actually labeled top secret or secret. The term most commonly used in the security community for keeping communication from being seen is confidentiality. We find that strange because confidential, like secret, is a security label, and the security community should have scorned use of confidential, too. In the first edition, we chose not to use confidentiality because we felt it had too many syllables, and saw no reason not to use privacy. For the second edition we reconsidered this decision, and were about to change all use of privacy to confidentiality until one of us pointed out we'd have to change the title of the book to something like Network Security: Confidential Communication in a Non-Confidential World, at which point we decided to stick with privacy.


Isn't it terrifying that on the Internet we have no privacy?


You mean confidentiality. Get your terms straight.


Why do security types insist on inventing their own language?


It's a denial-of-service attack.

—Overheard at recent gathering of security types

We often refer to things involved in a conversation by name, for instance, Alice and Bob, whether the things are people or computers. This is a convenient way of making things unambiguous with relatively few words, since the pronoun she can be used for Alice and he can be used for Bob. It also avoids lengthy inter- (and even intra-) author arguments about whether to use the politically incorrect he, a confusing she, an awkward he/she or (s)he, an ungrammatical they, an impersonal it, or an incredibly awkward rewriting to avoid the problem. We remain slightly worried that people will assume when we've named things with human names that we are referring to people. Assume Alice, Bob, and the rest of the gang may be computers unless we specifically say something like the user Alice, in which case we're talking about a human.

With a name like yours, you might be any shape, almost.
—Humpty Dumpty to Alice (in Through the Looking Glass)

Occasionally, one of the three of us authors will want to make a personal comment. In that case we use I or me with a subscript. When it's a comment that we all agree with, or that we managed to slip past me3 (the rest of us are wimpier), we use the term we.

  • + Share This
  • 🔖 Save To Your Account