W3C home > Mailing lists > Public > public-html@w3.org > August 2007

Re: [HDP] Secure by design

From: Lachlan Hunt <lachlan.hunt@lachy.id.au>
Date: Thu, 23 Aug 2007 19:13:52 +1000
Message-ID: <46CD4FD0.8020008@lachy.id.au>
To: joshue.oconnor@cfit.ie
CC: Robert Burns <rob@robburns.com>, public-html <public-html@w3.org>

Joshue O Connor wrote:
> Robert Burns wrote:
>>> I will say that DRM, as hated as it is, is still very much the same
>>> security we're talking about here. Although security is a part of
>>> denying access (as the DRM case drives home), we should still seek to
>>> ensure security even if we know it might be misused (as DRM so often is).
> I also think DRM is a useful example, although Lachlan disagrees. It is
> a slightly different domain but only slightly to what we are discussing
> as it does deal with providing security to content delivered over
> HTTP/FTP protocols - but IMO it is not an entirely inappropriate model
> to reference.

DRM is designed to restrict the user's access to content in order to 
protect the intellectual property of the content producer.  The security 
that the Secure By Design principle is referring to is about protecting 
the user and their system from hostile content producers.  For example, 
preventing cross-domain scripting attacks, restricting access to a users 
file system, etc.  Any feature designed to impair, rather than protect, 
the user (like DRM) is not relevant.

Lachlan Hunt
Received on Thursday, 23 August 2007 09:14:10 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 29 October 2015 10:15:25 UTC