- From: <noah_mendelsohn@us.ibm.com>
- Date: Tue, 14 Nov 2006 21:02:03 -0500
- To: John Cowan <cowan@ccil.org>
- Cc: Vincent Quint <Vincent.Quint@inrialpes.fr>, www-tag@w3.org
John Cowan writes: > That's part of my point, but not the most significant part, I think. > My other point (expressed in the blog posting) was that "in the clear" > and "secure" are endpoints in a security spectrum in which there are > good reasons for having more than no, and less than total, security. Yes. Stated differently, my proposed wording gives us a somewhat more concrete definition of what it means to be "in the clear", and thus a framework in which to talk about levels of security implementation. I think you're pointing out that there's a separate but related dimension, which is the spectrum of user requirements. If I understand correctly, you're saying "Some users really want very strong protection against access by anyone other than the intended recipients of the message. At the far end of the spectrum are users who have essentially no requirement for limiting access to their data or applications. Yet others may fall along the spectrum in between: those in this 3rd category may want to erect more modest barriers against access, either because the need for protection is correspondingly low, or because the very fact that even straightforward "cracking" is required is sufficient to signal socially, and perhaps even legally in some cases, that access by unauthorized users is not desired. " Putting even a moderately good lock on my door serves as a signal that you're not supposed to come in without the key, right?s If I've understood you correctly, I think those are good points, and complementary to the ones I was trying to make. Do you have specific suggestions for how you'd change the finding? Thank you. Noah -------------------------------------- Noah Mendelsohn IBM Corporation One Rogers Street Cambridge, MA 02142 1-617-693-4036 --------------------------------------
Received on Wednesday, 15 November 2006 02:02:23 UTC