RE: Passwords in the Clear

From: Marc de Graauw <marc@marcdegraauw.com>
Date: Fri, 15 Dec 2006 09:35:26 +0100
To: "'John Cowan'" <cowan@ccil.org>
Cc: <www-tag@w3.org>, <Alastair.Green@barclayscapital.com>
Message-ID: <002d01c72023$fc01f780$c800a8c0@MARCNOTE>

Marc de Graauw:

| > If we consider this from an economical perspective, passwords in the clear
| > would be appropriate in cases where:
| > - the value of the protected information is nil for a malicious intruder;

John Cowan:
| I don't think that's an issue.  In most of the cases above, the information
| (or action, in the case of password-protected posting) is of some use to
| a malicious intruder, especially a motiveless one like a vandal.

You're quite right that in the cases you cite, and in current practice, this
is not an issue, but if an economical criterion is used as an architectural
principle, the first criterion must stay. If we for instance use
passwords-in-the-clear to protect transactions whose value is 0.001
dollar cents, and every Internet user occasionally uses this scheme, the case
fulfills the second criterion (the value of the transaction is very small
for me), but passwords-in-the-clear protection will miserably fail because
the sheer numbers make it worth attacking. Like spam, the very small value
of the individual spam email adds up to make it an economically viable
activity. Of course I should have written "monetary value"; the perceived
value of the joy of looking at information one is not supposed to see is not
much of an issue.

John Cowan:

| > - the damage of publication of the protected information is practically nil,
| > or at least very small, for the publisher.
| 
| This is the real point (note that in the case of credit-card numbers,
| it's the client who is the "publisher").
|
| > Admittedly, most cases won't fulfil the second criterion, but some will.
| 
| I think that most cases do, and that requiring all these cases to use
| secure authentication serves no one's interests except those who charge
| a lot of money for certificates of authentication.

I agree.

Marc
Received on Friday, 15 December 2006 08:35:59 GMT