W3C home > Mailing lists > Public > public-wsc-wg@w3.org > November 2007

RE: ACTION-335 logotypes and ISSUE-96 discussion

From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
Date: Fri, 16 Nov 2007 12:27:25 -0500
Cc: "W3C WSC Public" <public-wsc-wg@w3.org>
Message-ID: <OF7E6F24B3.9319900A-ON85257395.005F699E-85257395.005FE4EE@LocalDomain>
To: pbaker@verisign.com
I will indulge in a rathole, in part, because I do think it represents an 
important philosophical category for WSC participants, so that being 
explicit about it and airing it will be a good thing long term for 
discussions and consensus. 

> The reason that we tend to obsess at 100% is that cryptography 
> allows us to be pretty good at some aspects of technical security. 

I have another view about why 100% is important to some security people. 
It's because, in security, anything less than 100% represents the 
opportunity for attack. It is a vulnerability. Security people naturally 
don't want vulnerabilities,and particularly don't want to be responsible 
for any vulnerabilities. Even if the action they take represents, as you 
put it, a risk reduction. It can be difficult, both personally and 
organizationally, to be proud of and promote the risk reduction, while 
bearing the responsibility for some of the subsequent risk. And that's 
even if you're lucky enough to be able to articulate the risk reduction 
clearly. Not that you've got a hope of being able to actually prove it. 
Received on Friday, 16 November 2007 17:27:51 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:53 GMT