X-Original-To: cryptography@metzdowd.com
Date: Sat, 27 Sep 2003 22:36:46 -0400
Cc: Victor.Duchovni@morganstanley.com, "Bill Frantz" <frantz@pwpconsult.com>, "Ian Grigg" <iang@systemics.com>, cryptography@metzdowd.com
To: "Zooko" <zooko@zooko.com>
From: Jeroen C.van Gelderen <jeroen@vangelderen.org>
In-Reply-To: <E1A3PTQ-0004oP-00@localhost>

On Saturday, Sep 27, 2003, at 20:31 US/Eastern, Zooko wrote:

> "Jeroen C. van Gelderen" <jeroen@vangelderen.org> wrote:
>>
>> There is no way around asking the user because he is the ultimate
>> authority when it comes to making trust decisions. (Side-stepping the
>> issues in a (corporate) environment where the owner of the machine is
>> entitled to restrict its users in any way he sees fit. The point is
>> that the software agent cannot make trust decisions.)
>
> ... but you don't always have to *ask* the user, if instead you can
> infer from actions that the user already performs.

Oops, I didn't mean to imply that you'd have to ask as much as happens at present! Automatically inferring is pretty much required if Alice is to be able to do a whole day's worth of work without seeing any popups in the steady case.

You only ask Alice when you cannot otherwise reliably infer her intentions; that will be necessary at some point. The remaining questions that do get asked then are meaningful and do not condition towards a knee-jerk Click-Yes reaction.

> I used to think that a capability desktop would be severely hobbled by
> the requirement that the user state a plethora of privilege rules,
> until I saw Marc Stiegler's CapDesk demo at the second O'Reilly
> Emerging Technologies conference.
>
> In that demo, a perfectly familiar desktop with "File -> Open" and
> "File -> Save As" dialogs also serves as a Least-Privilege-enforcing
> access control system which protects even a naive and lazy user from a
> malicious text editor.

And you can even download and try it for yourself as all of CapDesk is freely available. If that is too much, just download Marc's video demonstration [1]:

http://www.erights.org/talks/skynet/index.html

I truly don't know how much more helpful one can get in order to dispel the perpetuation of these security myths?

> See also Ping Yee's research in secure Human Interface.

http://www.sims.berkeley.edu/~ping/sid/

-J

[1] I don't know why the video is available in M$ proprietary format only though :(

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com