[14319] in cryptography@c2.net mail archive


Re: Reliance on Microsoft called risk to U.S. security

daemon@ATHENA.MIT.EDU (Jeroen C.van Gelderen)
Sun Sep 28 12:20:10 2003

X-Original-To: cryptography@metzdowd.com
Date: Sat, 27 Sep 2003 22:36:46 -0400
Cc: Victor.Duchovni@morganstanley.com,
	"Bill Frantz" <frantz@pwpconsult.com>,
	"Ian Grigg" <iang@systemics.com>, cryptography@metzdowd.com
To: "Zooko" <zooko@zooko.com>
From: Jeroen C.van Gelderen <jeroen@vangelderen.org>
In-Reply-To: <E1A3PTQ-0004oP-00@localhost>


On Saturday, Sep 27, 2003, at 20:31 US/Eastern, Zooko wrote:

>  "Jeroen C. van Gelderen" <jeroen@vangelderen.org> wrote:
>>
>> There is no way around asking the user because he is the ultimate
>> authority when it comes to making trust decisions. (Side-stepping the
>> issues in a (corporate) environment where the owner of the machine is
>> entitled to restrict its users in any way he sees fit. The point is
>> that the software agent cannot make trust decisions.)
>
> ... but you don't always have to *ask* the user, if instead you can infer
> from actions that the user already performs.

Oops, I didn't mean to imply that you'd have to ask as much as happens 
at present! Automatically inferring is pretty much required if Alice is 
to be able to do a whole day's worth of work without seeing any popups 
in the steady case. You only ask Alice when you cannot otherwise 
reliably infer her intentions; that will be necessary at some point.
The remaining questions that do get asked then are meaningful and do 
not condition towards a knee-jerk Click-Yes reaction.

> I used to think that a capability desktop would be severely hobbled by the
> requirement that the user state a plethora of privilege rules, until I saw
> Marc Stiegler's CapDesk demo at the second O'Reilly Emerging Technologies
> conference.
>
> In that demo, a perfectly familiar desktop with "File -> Open" and
> "File -> Save As" dialogs also serves as a Least-Privilege-enforcing access
> control system which protects even a naive and lazy user from a malicious
> text editor.

And you can even download and try it for yourself as all of CapDesk is 
freely available. If that is too much, just download Marc's video 
demonstration [1]:

  http://www.erights.org/talks/skynet/index.html

I truly don't know how much more helpful one can get in order to dispel 
the perpetuation of these security myths?

> See also Ping Yee's research in secure Human Interface.

http://www.sims.berkeley.edu/~ping/sid/

-J

[1] I don't know why the video is available in M$ proprietary format 
only though :(

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
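
Added illustration, not part of the original message and not CapDesk's code: a toy model of the idea in the quoted passage, where the user's choice in a "File -> Open" dialog is itself the grant of authority, so no separate permission prompt is needed. The names `Powerbox`, `FileCap`, `MaliciousEditor` and the in-memory store are assumptions made for the example, and Python does not enforce the object encapsulation a capability system relies on, so this models the flow of authority only.

```python
# Toy model: the trusted file dialog is the only holder of filesystem authority.
class FileCap:
    """Authority over exactly one file: the one the user picked."""
    def __init__(self, store, name):
        self._store, self._name = store, name
    def read(self):
        return self._store.get(self._name, "")
    def write(self, text):
        self._store[self._name] = text

class Powerbox:
    """Trusted desktop component (hypothetical name): owns the store, shows dialogs."""
    def __init__(self, store, user_picks):
        self._store = store
        self._user_picks = user_picks   # stands in for the human clicking in the dialog
        self.grants = []                # record of what the user designated
    def file_open(self, app_hint=None):
        # The app may suggest a name, but only the user's choice is honoured.
        chosen = self._user_picks(app_hint)
        if chosen is None:              # user cancelled: no authority is granted
            return None
        self.grants.append(chosen)
        return FileCap(self._store, chosen)

class MaliciousEditor:
    """Untrusted app: it is handed a powerbox reference, never the store itself."""
    def __init__(self, powerbox):
        self._pb = powerbox
    def run(self):
        cap = self._pb.file_open(app_hint="id_rsa")  # tries to steer the dialog
        if cap is None:
            return None
        seen = cap.read()
        cap.write("defaced")            # worst case: damage to the designated file
        return seen

def demo():
    # Constructed sample data.
    store = {"notes.txt": "shopping list", "id_rsa": "PRIVATE KEY (constructed)"}
    # Constructed user behaviour: ignores the app's hint and picks notes.txt.
    pb = Powerbox(store, user_picks=lambda hint: "notes.txt")
    seen = MaliciousEditor(pb).run()
    return seen, store, pb.grants
```

The editor's reach is bounded by what the user designated: it can damage `notes.txt`, but it never obtains a reference through which `id_rsa` could be read.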
