[143075] in cryptography@c2.net mail archive


Re: Obama's secure PDA

daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Tue Jan 27 12:44:39 2009

Date: Mon, 26 Jan 2009 21:26:10 -0500
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: Ivan Krstić <krstic@solarsail.hcs.harvard.edu>
Cc: Cryptography List <cryptography@metzdowd.com>
In-Reply-To: <3CA8BF10-C7A2-415D-BFAA-09418B04101B@solarsail.hcs.harvard.edu>

On Mon, 26 Jan 2009 02:49:31 -0500
Ivan Krstić <krstic@solarsail.hcs.harvard.edu> wrote:

> Finally, any idea why the Sectéra is certified up to Top Secret for
> voice but only up to Secret for e-mail? (That is, what are the
> differing requirements?)
>
I actually explained (my take on) that question to my class last week.
Quite simply, voice offers one service -- voice.  Data offers many
services, and hence many venues for data-driven attacks: email (which
includes many MIME types) and probably clicking on URLs, web (which
includes HTML, gif, jpeg, perhaps png, and almost certainly
Javascript), and perhaps data files including pdf, Word, Powerpoint,
and Excel.  Any one of those data formats is far more complex than even
compressed voice; the union of them makes me surprised it can handle
even Secret data... Note especially that HTML involves IFRAMEs and
third-party images, which means inherent cross-domain issues.


		--Steve Bellovin, http://www.cs.columbia.edu/~smb

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
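
To make the argument above concrete, an added example (not part of the original message): it walks one constructed e-mail and lists the content types that each need their own parser, plus the third-party hosts and active-content tags in its HTML part. The sample message, the host names and the `attack_surface` name are assumptions made for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not from the thread): one e-mail, several formats.
SAMPLE = (
    'From: a@sender.example\nTo: b@reader.example\nMIME-Version: 1.0\n'
    'Content-Type: multipart/mixed; boundary="b1"\n\n'
    '--b1\nContent-Type: text/html; charset="utf-8"\n\n'
    '<p>See attached.</p><img src="http://tracker.example/p.gif">'
    '<iframe src="http://ads.example/f.html"></iframe><script>x()</script>\n'
    '--b1\nContent-Type: application/pdf\nContent-Transfer-Encoding: base64\n\n'
    'JVBERi0xLjQK\n'
    '--b1\nContent-Type: image/jpeg\nContent-Transfer-Encoding: base64\n\n'
    '/9j/4AAQ\n--b1--\n'
)

class _Refs(HTMLParser):
    """Collect hosts of external resources plus any active-content tags."""
    def __init__(self):
        super().__init__()
        self.hosts, self.active = set(), set()

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe", "object", "embed"):
            self.active.add(tag)
        src = dict(attrs).get("src")
        if tag in ("img", "iframe", "script") and src:
            host = urlparse(src).hostname
            if host:
                self.hosts.add(host)

def attack_surface(raw):
    """Return (content types needing a parser, third-party hosts, active tags)."""
    msg = email.message_from_string(raw, policy=policy.default)
    types, refs = set(), _Refs()
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        types.add(part.get_content_type())
        if part.get_content_type() == "text/html":
            refs.feed(part.get_content())
    return sorted(types), sorted(refs.hosts), sorted(refs.active)

if __name__ == "__main__":
    print(attack_surface(SAMPLE))
```
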
