[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: spec for wire format of SPKI cert

At  8:22 AM 8/29/96 -0500, Brian M. Thomas wrote:
>Thanks, Bill.  I now understand your point.  I think it gets back to an
>earlier comment of Carl's about trusting the users.  My point has
>always been that giving a privilege to a user implies complete trust
>that the user will do what is appropriate with it.  What the user does
>with it is his responsibility, but that is outside the scope of the
>authorization system.  No security system can keep me from telling
>someone inappropriately what I've learned appropriately, and I think
>that's your point.  I sort of thought it went without saying; perhaps
>not.  At minimum, it's important to remember it.

The problem the mandatory sections of the NCSC Orange Book address is that
you are not only trusting the human user, but you are also trusting the
software s/he is running.  If that software contains a Trojan horse, then
you are both at risk.

Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA