RE: ACTION-335 logotypes and ISSUE-96 discussion

Funny I thought crypto was not 100% effective, which is why crypto length
codes and algorithms have to be upgraded from time to time. Its all about
making the processing power necessary to exhaustively search through all
possibilities computationally infeasible with today's computer power. As the
computer power increases, the crypto needs to be stepped up.

 

  _____  

From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On
Behalf Of Mary Ellen Zurko
Sent: Friday, November 16, 2007 12:27 PM
To: pbaker@verisign.com
Cc: W3C WSC Public
Subject: RE: ACTION-335 logotypes and ISSUE-96 discussion

 


I will indulge in a rathole, in part, because I do think it represents an
important philosophical category for WSC participants, so that being
explicit about it and airing it will be a good thing long term for
discussions and consensus. 

> The reason that we tend to obsess at 100% is that cryptography 
> allows us to be pretty good at some aspects of technical security. 

I have another view about why 100% is important to some security people.
It's because, in security, anything less than 100% represents the
opportunity for attack. It is a vulnerability. Security people naturally
don't want vulnerabilities,and particularly don't want to be responsible for
any vulnerabilities. Even if the action they take represents, as you put it,
a risk reduction. It can be difficult, both personally and organizationally,
to be proud of and promote the risk reduction, while bearing the
responsibility for some of the subsequent risk. And that's even if you're
lucky enough to be able to articulate the risk reduction clearly. Not that
you've got a hope of being able to actually prove it.