[145526] in cryptography@c2.net mail archive
Re: Five Theses on Security Protocols
daemon@ATHENA.MIT.EDU (Anne & Lynn Wheeler)
Sat Jul 31 18:03:14 2010
Date: Sat, 31 Jul 2010 13:01:26 -0400
From: Anne & Lynn Wheeler <lynn@garlic.com>
To: "Perry E. Metzger" <perry@piermont.com>
CC: cryptography@metzdowd.com
In-Reply-To: <20100731123239.2efc2f51@jabberwock.cb.piermont.com>
corollary to "security proportional to risk" is "parameterized risk management" ... where variety of technologies with varying integrity levels can co-exist within the same infrastructure/framework. transactions exceeding particularly technology risk/integrity threshold may still be approved given various compensating processes are invoked (allows for multi-decade infrastructure operation w/o traumatic dislocation moving from technology to technology as well as multi-technology co-existence).
in the past I had brought this up to the people defining V3 extensions ... early in their process ... and they offered to let me do the work defining a V3 integrity level field. My response was why bother with stale, static information when real valued operations would use much more capable dynamic, realtime, online process.
--
virtualization experience starting Jan1968, online at home since Mar1970
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
