Re: bit-split, or: the schizophrenia of trusted computing

From: Jonathan S. Shapiro
Subject: Re: bit-split, or: the schizophrenia of trusted computing
Date: Mon, 01 May 2006 14:07:23 -0400

On Mon, 2006-05-01 at 19:18 +0200, Marcus Brinkmann wrote:
> At Mon, 01 May 2006 12:47:14 -0400,
> "Jonathan S. Shapiro" <address@hidden> wrote:

> > In the absence of technical means of support, encapsulation *cannot* be
> > enforced in a shared-access computing system.
>
> I used the word "enforce" above in the same sense as in "enforcing a
> law".  Using your definition, one can not enforce any law.  That may
> be true, but I think that the term is nevertheless commonly used in
> this way, and rightfully so.

In the context of discussions about computational protection mechanisms
and computational access policies, the term "enforce" is universally
used to refer exactly and exclusively to those actions that can be
mechanically prevented. In these discussions, the "social" sense of
"enforce" also has a technical term: "wishful thinking" (or sometimes it
is called a "flying pig", because no such enforcement mechanism has ever
been reliably observed to exist).

Because this usage is absolute and universal in the context of
protection mechanisms, PLEASE do not confuse the issue by using the
*legal* sense of enforcement (which simply isn't enforcement at all) in
any discussion about computer protection or policy. If you *must* use
it, be careful to qualify it, because it is being used in a context
where its default meaning is something else.

Do you agree with my statement that in the absence of OS support,
encapsulation cannot be enforced (in the sense that its violation cannot
be mechanically prevented) in a shared access computing system?

I will go further: in the absence of OS support, such violations cannot
(in general) even be *detected*, so the suggestion that they can be
deferred to social or legal enforcement actually means that you are
declaring that these types of encapsulation can be violated without any
human consequence at all -- or at least that the possibility of such a
violation with serious human consequence places the problem domain, by
definition, outside of the applications that are "of interest to the

