l4-hurd
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Hurdish applications for persistence

From: Jonathan S. Shapiro
Subject: Re: Hurdish applications for persistence
Date: Thu, 13 Oct 2005 10:23:53 -0400 
On Thu, 2005-10-13 at 15:58 +0200, Alfred M. Szmidt wrote:
>    > I have no confusion about the matter.  You want `paranoid security', I
>    > want a usable system.
> 
>    I want both.
> 
> Impossible.  And you should know that.

Interesting. This is a rather strong assertion. Can you substantiate it,
or is it just wind?

You have not given an argument for why strong security is necessarily
unusable. You have not even responded to some of the examples I have
posted which suggest (by example) that you are very probably wrong.

I *do* agree that many previous high security designs *have* been
unusable. Historically, there have been two reasons:

 1. Multilevel security really *is* invasive, and this has been
    the most commonly implemented security policy. But we are
    not contemplating a multilevel secure system here.

 2. ACL-based security is very hard to construct in such a way
    that the security fits into the flow of the users actions
    in a natural and non-intrusive way.

In our experience, capabilities *can* be be used in a natural and
non-intrusive way.

So I would really like to hear a reasoned, coherent argument supporting
your position. A sound argument should certainly consider and respond to
the many designs that have been implemented in this space, and address
what you think is wrong with them.

Obviously, I think it's just wind. The problem, Alfred, is that
amplitude is negatively correlated with credibility.


shap
reply via email to
[Prev in Thread] Current Thread [Next in Thread]