@SteveBellovin, do you have any objection to me blogging on a site named rethinking-security.org? If you do object, I will find another name. And I will make it clear that I am not you, but that the name is an allusion to Thinking Security.

I want to talk about cases where conventional wisdom (in various circles) may need some rethinking.

@jpgoldberg Btw, the oldest chapter in the book, on authentication, was written precisely to debunk conventional wisdom. And then I was on sabbatical and my original plans fell through for various reasons, so I decided to write a new book.

@SteveBellovin, when I was at 1Password, I ran a “book club” for the security team using “Thinking Security”. I was able to fill in for details that were out of date.

The next year I did the same with @veorq’s “Serious Cryptography”.

(Hey, JP. It's an outstanding book, but my most serious recommendation for a 3rd edition is that you do RSA after EC and ECDH. Understanding why RSA works requires all the math of DH and more.) You can find my slides on those chapters at https://jpgoldberg.github.io/sec-training/

@SteveBellovin, I also had the pleasure of explaining many of the jokes and allusions to a younger generation.

For example, you mentioned the Bank of San Seriffe. This led not only to me explaining that the number of digits of the decimal expansion of 𝜋 I know depends on the number of bugs found in TeX, but also to the dangers of using knowledge of a record locator, such as a bank account number, as an authentication proof.

@jpgoldberg Ah, the young. A few years ago, I was giving a tech history talk in my department and used the word "teletype". Most of the students had no idea what I was talking about…

@SteveBellovin, I hope you directed your explanation to /dev/tty

@jpgoldberg I used that and the device names as referring back. And the next time I gave the talk, I included a picture of a teletype.