[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Other *-forms for dates and times, and love
>
> However, if the verifier allows me to read your private mail, there is
> nothing which prevents me from spamming it across the universe, or more
> likely, forwarding copies to badguys.org.
>
The point being, of course, that once you have the information, it's no
longer necessary to read my files, because it's now in your files, so
that no permission scheme I implement can control it.
This will always be the upper bound on all security schemes: not the
trust mechanism, but the appropriateness of the trust-granting choices,
which is not at all a technical matter. The schemes we implement are
targeted at enforcing our choices, not proving that they are wise ones.
brian
Brian Thomas, CISSP - Distributed Systems Architect bt0008@entropy.sbc.com
Southwestern Bell bthomas@primary.net
One Bell Center, Room 34G3 Tel: 314 235 3141
St. Louis, MO 63101 Fax: 314 235 0162
Follow-Ups: