
Re: IAB draft on security

From: Graham Klyne <GK@dial.pipex.com>
Date: Mon, 26 Jul 1999 14:32:43 +0100
Message-Id: <3.0.32.19990726105853.01607c00@pop.dial.pipex.com>
To: Jacob Palme <jpalme@dsv.su.se>
Cc: discuss@apps.ietf.org, smb@research.att.com

At 11:01 26/07/99 +0200, Jacob Palme wrote:

>The document, like many other security documents, tells too much 
>about what will not work, too little on what will work. It seems as 
>if security experts are better at telling you that something is 
>dangerous or might not be secure, than telling you how to get 
>security. I would prefer to get more practical advice with
>recommendations on how to get the security you want.

I think this is a fair comment, that may also reflect the very nature of
security.

I am reminded of a little game that is very prevalent on a certain desktop
operating system:  Minesweeper.  (The goal is to uncover a number of hidden
mines by stomping on all the squares that do NOT contain mines:  to stomp
on a mine is sudden death.)

Making systems secure seems a similar kind of activity:  experts can tell
us where mines are known to exist, but it is both imperative and very
difficult to deduce where mines certainly do not exist.

#g

------------
Graham Klyne
(GK@ACM.ORG)
Received on Monday, 26 July 1999 09:34:16 GMT
