Re: IAB draft on security

From: Graham Klyne <GK@dial.pipex.com>
Date: Mon, 26 Jul 1999 14:32:46 +0100
To: Jacob Palme <jpalme@dsv.su.se>
Cc: discuss@apps.ietf.org, smb@research.att.com

At 11:01 26/07/99 +0200, Jacob Palme wrote:

>The document, like many other security documents, tells too much 
>about what will not work, too little on what will work. It seems as 
>if security experts are better at telling you that something is 
>dangerous or might not be secure, than telling you how to get 
>security. I would prefer to get more practical advice with
>recommendations on how to get the security you want.

I think this is a fair comment, that may also reflect the very nature of

I am reminded of a little game that is very prevalent on a certain desktop
operating system:  Minesweeper.  (The goal is to uncover a number of hidden
mines by stomping on all the squares that do NOT contain mines:  to stomp
on a mine is sudden death.)

Making systems secure seems a similar kind of activity:  experts can tell
us where mines are known to exist, but it is both imperative and very
difficult to deduce where mines certainly do not exist.

Received on Monday, 26 July 1999 09:34:26 UTC