- From: Mark Baker <distobj@acm.org>
- Date: Thu, 20 Jun 2002 13:46:21 -0400
- To: kreger@us.ibm.com
- Cc: www-ws-arch@w3.org
Hi Heather, On Thu, Jun 20, 2002 at 01:02:10PM -0400, kreger@us.ibm.com wrote: > I don't understand your conclusion. > Why would requiring security to be easily manageable reduce security? And > what do you mean by reduce security? This is what I sent to Roger off-line; I just meant that making it manageable does some things that are known to cause security problems, even with the best of intentions of not doing so. Things such as; - supplying an additional interface, which provides an additional point of attack - requires that security code be augmented with manageability code, which reduces security purely by providing more code in which security bugs can appear There might be others, but those are the two biggies. > Having it be in the management goal does not remove the requirement that > security be manageable. Right. But if, for example, the group agreed that requiring security to be manageable was too great of a security risk, then we could still say that we met our security goal. MB -- Mark Baker, CTO, Idokorro Mobile (formerly Planetfred) Ottawa, Ontario, CANADA. distobj@acm.org http://www.markbaker.ca http://www.idokorro.com
Received on Thursday, 20 June 2002 13:36:10 UTC