History of Alice and Bob (2017) (cryptocouple.com)
99 points by susam on Dec 26, 2023 | 34 comments



Kind of fun reading that and not only hearing about Diffie and Hellman, but also learning where the initials RSA came from!





Thanks! Macroexpanded:

Alice and Bob: A History of the World’s Most Famous Cryptographic Couple (2017) - https://news.ycombinator.com/item?id=20427987 - July 2019 (18 comments)

The History of Alice and Bob - https://news.ycombinator.com/item?id=14801883 - July 2017 (35 comments)


Cormac McCarthy fans should recognize Alicia and Bobby.


Here's a fun one for you. Recall a certain sleep-deprived fiddler in Blood Meridian saying the following:

"Whatever exists in creation without my knowledge exists without my consent"

Then read Déclaration d'intention de non-publication by Grothendieck (whom Alice mentions in Stella Maris).


I think I recall Alice and Bob also being mentioned alongside Louis Reasoner in SICP problem sets in ‘81 or ‘82… (Edit) well, according to Wikipedia, the cast of characters for SICP doesn’t include Alice and Bob. In those years the book didn’t exist yet.


I always assumed the 1969 movie “Bob & Carol & Ted & Alice” had something to do with the use of these names...

https://www.imdb.com/title/tt0064100


If it were “Bob and Alice and Mallory and Eve” you’d have a solid case.


I can't tell. Is this in part a veiled (or not so veiled) criticism of the RSA authors for introducing a female name into the literature, in an explicitly equal manner (the "A" and "B" characters communicate as equals), at a time when most business and technical writing defaulted to "he" for all characters? If so, as someone who saw the chauvinistic era in which the first of the cited papers was written, I would encourage these modern authors to one day recognize that expanding rights and expanding acceptance in society is a long slow process. The fact that you can see more you think those who came before you should have done does not mean those things you want today would have been possible then, or possible today without the incremental progress delivered by earlier agents of change.


I think it is just overthinking.

Alice and Bob are a couple, and like most couples, there is a woman and a man. The names are short, memorable, and start with A and B. It is natural to choose a couple, as couples often have private conversations. Charlie, probably from the NATO/ICAO alphabet. Eve, like eavesdropper. Mallory, like malicious. Trent, like trust.

If there is something special about Alice, I will be more tempted to think about the most famous Alice, the one in Wonderland. Besides the nice story, Lewis Carroll, author of "Alice's Adventures in Wonderland", real name Charles Dodgson, was also a mathematician, and he dabbled in cryptography.


From the article: “In the history of cryptology, women tend to be either systematically excluded or reduced to objects. The absence of women is both a reflection of the bias of society and historians, and a gap in the employment of women in computing fields.”

What are you seeing in the article that suggests a “criticism” of the introduction of Alice?


What part of it seems like a criticism to you?


I don't know about GP's view, but to me this does seem like a criticism:

"Women have a long history of being depicted as technical objects in computing... gendered assumptions about the characters of Alice and Bob have been read into their fictional lives. Images of Alice, Bob, and Eve depict the three as in love triangles, with Alice and Eve alternately portrayed as disrupting one another’s blissful domestic life with Bob. Visual depictions of Alice, Bob, Eve, and others used in university classrooms and elsewhere have replicated and reified the gendered assumptions read onto Alice and Bob and their cryptographic family, making it clear that Bob is the subject of communications with others, who serve as objects, and are often secondary players to his experience of information exchange. Thus, while Rivest, Shamir, and Adleman used the names “Alice” and “Bob” for a sender and receiver as a writing tool, others have adapted Alice and Bob, in predictable, culturally-specific ways that have important consequences for subsequent, gendered experiences of cryptology."


Does it seem like a criticism of Rivest, Shamir and Adleman using the name Alice? Or of others projecting gendered assumptions onto Alice?


The previous paragraph criticized Ivan Sutherland for so much as drawing a girl's face with sketchpad, so in context this does seem to be critical of RSA.


Alice and Bob are also used in the Bitcoin whitepaper, taking after the previous usages


Obligatory link to MC++ song "Alice and Bob" from the 2005 album Algorhythms:

https://youtu.be/NHrugBhQfvA?si=fSwl_dupZe5VPzhf&t=407


Articles like this give the impression that any woman who wanted to enter Computer Science during these years would have been not taken seriously and pushed out of the field.

I’ll never be able to fully appreciate the difficulty any did face during that time, and to the degree I was ignorant due to a position of privilege I regret my lack of greater initiative.

Entering my CS program I recall (and lamented) the lack of representation even in 100-200 level courses. Women were not choosing this field in great numbers, but what part of nature, nurture and societal influence resulted in this? Clearly, the issues start before formal education.

Now, with my own daughter ready to start the same major in less than a year’s time, I’m still contemplating the same issues with more than a passive interest.


This dynamic is ironic because the very first generation of programmers was very gender-integrated - albeit for sexist reasons: the population drew from "computers", who were largely women. My mother-in-law had a career as a Fortran and COBOL developer and then instructor in the sixties and seventies (which she doesn't think is nearly as cool as I do). At some point it switched (my guess is when the profession became more highly-remunerated). I'd like it to switch back, more quickly.


Based on living in the 80s and pop culture at the time, I have a suspicion: "nerds" weren't cool at all. To do anything with a computer or electronics was seen as the most "non-cool" thing you could do. At the time, women seemed to have all the social control and never did anything (or very rarely, at least) "non-cool."

Thus, I suspect any women interested in the field were pushed away from it by their peers, and women's peer pressure is (traditionally) stronger than men's peer pressure (see Mean Girls for reference).

Anyway, that's my own two cents colored by a childhood.


I agree entirely very much that it starts very early. It is how children's interests are formed. My older daughter is an electrical engineer, a field in which there are few women. When she was doing A levels (UK exams sat at 18, typically 3 subjects, supposedly APs are the nearest US equivalent, some other countries have similar) she was the only girl doing electronics, but there were a reasonable number doing physics and maths. This was despite the college (meaning British 16 to 18 type) making considerable efforts to encourage girls - but it was far too late. Girls are doing the S and the M of STEM but not the T and the E. I think that has a lot to do with how kids are brought up (e.g. boys helping dad when he is fixing things but not girls - and it is still usually dad who is fixing things!)

I think what interested my daughter was doing a lot of things I found interesting because she spent a lot of time with me - she was home ed for some formative years (which I also think helped prevent her picking up some stereotype of what women should do), and I worked from home when she was about a year old.

My younger daughter may or may not go into an engineering or tech career, but it is definitely an option that is interesting.


Women have been part of the field of computer science since the very beginning. Ada Lovelace has a language named after her and arguably was the first programmer. She programmed the at that point theoretical machine created by Charles Babbage. The pattern of female programmers continues when computers really became practical. During WW II, Bletchley Park was famously staffed by female computers. And the ENIAC had several female mathematicians working on it. A female mathematician named Margaret Hamilton became a programmer at NASA and ended up heading the team that built the on board flight software for the Apollo program. She also later coined the term software engineering.

It's true that not a lot of women pursue careers in math, science, etc. That's true today even when there are fewer obstacles than ever for them to do so and a lot of companies, universities, etc. are under pressure to have diversity in their staff and leadership.


often reflecting of the sexist and heteronormative environments in which they were born and continue to be used

Strange line for a cryptography article.


Not strange at all for a history article, though.


Disappointing that this website is only served unencrypted...


Yeah it'd be a real shame if someone were able to intercept the unencrypted traffic. They'd be able to read all the articles!


[flagged]


Eve and Mallory want to read it too


It isn't a site about cryptography. It's a site about Alice and Bob.

If I had to guess (I don't but I will!) I would say that not using https was a conscious decision. If I really had to guess ... calling out cargo culting with regards always insisting on https because encrypt everything is good, plain text bad.


The benefits of not exposing the massive attack surface of modern browsers to every network attacker are not cargo culting.


"Attack surface" in this case, boils down to bugs and fuck ups. "Massive" is subjective but justified in my opinion too. A message delivered via http or https is the same - one is encrypted on wire and one is not. There is a minimal cost of encryption these days. We are long past the point where a CPU gets bogged down with it.

I still contend that "everything should be encrypted" is cargo culting:

An unencrypted webby stream does not expose a browser to anything nastier than an encrypted webby stream. The eventual payload is the same, regardless of the transport. The difference is that the browser has to use vastly more code paths to do the same job of receive -> display. It has to decrypt the stream. That additional complexity introduces vastly more possibilities for bugs.

So, I think you should pick your medium with care. I do think that https is a safe transport for all messages and do routinely use it myself. I have done a risk assessment on it - I don't simply use it because everyone else says it's a good idea 8)

I deliberately used the pejorative term "cargo cult" in this discussion.


> An unencrypted webby stream does not expose a browser to anything nastier than an encrypted webby stream. The eventual payload is the same, regardless of the transport.

No, my point is that an unencrypted payload is controlled by anyone on your network path (your ISP, anyone on the same open WiFi, ...), so it can be nastier than an encrypted payload. Remember that TLS provides not just encryption, but also authentication.


We are now in the realms of risk management etc. An unencrypted TCP stream still has sequence numbers - famously abusable in the past. You can still use them to be reasonably sure that your stream is untampered with, with care.

I'm talking about integrity - ie what I sent is what you received or what I requested you to send is what I received.

TLS does only provide encryption, it does not authenticate anything. You can use TLS as a wrapper for auth - to make the exchange private or you could pre-arrange a swap of public keys (certificates) via a method that is mutually agreed. That mutually agreed bit is the authentication part but it has nothing to do with TLS per se.

You click on a website link that starts with https://, most people allow their browser to use its trust store to decide whether to proceed. Increasingly, browsers are becoming opinionated about this, which is bloody annoying for IT bods.

Should you trust MS/Google/Apple/KDE/Mozilla et al. to tell you who is trustworthy? No and they don't really (tell you who is trustworthy)! All they do is tell you which certification authorities follow the rules. There are not too many rules and they certainly do not ensure anything as such. What you are nearly guaranteed is that if you use things like "Perfect Forward Secrecy" (which cannot be perfect, by definition) and a few other tricks ... your conversation is probably private.

Authentication is a whole new ball game as they say several thousand miles to my left and down a bit!
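
The integrity question argued in the last few comments, as an added example that is not part of the thread: it compares what a receiver can detect when a payload is changed in transit and protected only by a sequence number and the RFC 1071 checksum, versus by a keyed tag. The segment layout, the function names and the use of HMAC-SHA256 as a stand-in for TLS record protection are simplifying assumptions, and all sample values are constructed.

```python
import hashlib
import hmac
import struct

def internet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum, the unkeyed checksum TCP carries."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def _body(seq: int, payload: bytes) -> bytes:
    return struct.pack("!I", seq) + payload

def plain_segment(seq, payload):
    # Simplified stand-in for a TCP segment: sequence number, payload, checksum.
    return {"seq": seq, "payload": payload,
            "checksum": internet_checksum(_body(seq, payload))}

def keyed_record(key, seq, payload):
    # HMAC-SHA256 stands in for TLS record protection (assumption of this sketch).
    tag = hmac.new(key, _body(seq, payload), hashlib.sha256).digest()
    return {"seq": seq, "payload": payload, "tag": tag}

def modified_on_path(msg, new_payload):
    """A hop without the key changes the payload and recomputes what it can."""
    out = dict(msg, payload=new_payload)
    if "checksum" in out:  # unkeyed field: anyone can recompute it
        out["checksum"] = internet_checksum(_body(out["seq"], new_payload))
    return out  # a keyed tag stays stale; it cannot be rebuilt without the key

def accepts_plain(seg, expected_seq):
    body = _body(seg["seq"], seg["payload"])
    return seg["seq"] == expected_seq and seg["checksum"] == internet_checksum(body)

def accepts_keyed(key, rec, expected_seq):
    good = hmac.new(key, _body(rec["seq"], rec["payload"]), hashlib.sha256).digest()
    return rec["seq"] == expected_seq and hmac.compare_digest(rec["tag"], good)

def demo():
    key = b"constructed-demo-key"  # constructed sample values throughout
    sent, changed = b"<p>Alice and Bob</p>", b"<p>Alice and Eve</p>"
    plain = modified_on_path(plain_segment(1000, sent), changed)
    keyed = modified_on_path(keyed_record(key, 1000, sent), changed)
    return accepts_plain(plain, 1000), accepts_keyed(key, keyed, 1000)

if __name__ == "__main__":
    print(demo())
```

The receiver accepts the altered plaintext segment because every field it checks can be recomputed by whoever changed the payload, while the keyed check rejects the same change.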



