Re: Public Key Pinning (was Re: [blink-dev] Re: Proposal: Marking HTTP As Non-Secure)

On Sun, Dec 28, 2014 at 4:21 PM, Chris Palmer <palmer@google.com> wrote:
> On Sat, Dec 27, 2014 at 3:12 PM, Jeffrey Walton <noloader@gmail.com> wrote:
>
>> In this thread (https://www.ietf.org/mail-archive/web/websec/current/msg02261.html),
>> Chris Palmer suggested using shame as a security control.
>
> No, I did not. I hope that people followed the link and read the post.

Sorry to further this (but it's important for me to understand). Here
was the statement:

    If the device manufacturer is also taking administrative
    control over devices in the field, then market pressure
    (such as those articles) is the only recourse.

So are you stating market pressure and public humiliation are not shaming?

Or are you stating that shame is not a security control?

Or something else?

(I agree with "shame is not a security control", but I understand the
usefulness of shame and public humiliation. It seems others find shame
useful, too, like Certificate Transparency).

Received on Sunday, 28 December 2014 21:38:20 UTC