Re: [HDP] Secure by design

Joshue O Connor wrote:
> Robert Burns wrote:
>>> I will say that DRM, as hated as it is, is still very much the same
>>> security we're talking about here. Although security is a part of
>>> denying access (as the DRM case drives home), we should still seek to
>>> ensure security even if we know it might be misused (as DRM so often is).
> 
> I also think DRM is a useful example, although Lachlan disagrees. It is
> a slightly different domain but only slightly to what we are discussing
> as it does deal with providing security to content delivered over
> HTTP/FTP protocols - but IMO it is not an entirely inappropriate model
> to reference.

DRM is designed to restrict the user's access to content in order to 
protect the intellectual property of the content producer.  The security 
that the Secure By Design principle is referring to is about protecting 
the user and their system from hostile content producers.  For example, 
preventing cross-domain scripting attacks, restricting access to a user's 
file system, etc.  Any feature designed to impair, rather than protect, 
the user (like DRM) is not relevant.

-- 
Lachlan Hunt
http://lachy.id.au/

Received on Thursday, 23 August 2007 09:14:10 UTC