Security is a space in which intuition does not serve us well.
Therefore, I have formed the habit over the decades of starting the answer to questions that are put to me with the words, "The principle is…"
Having stated the guiding principle for my answer, I go on to answer the question.
This procedure does not always lead me to a simple and correct answer, but it has served very well to prevent me from giving erroneous answers.
For example, one of the questions frequently put to me is, "Is thus-and-so mechanism secure?"
The temptation to answer this question yes or no is often so strong as to be almost irresistible.
However, in this case the principle is, "Nothing useful can be said about the security of a mechanism except in the context of a specific application and environment."
Restating the principle reminds one that answering the question as asked invites one to say something foolish.