[17782] in cryptography@c2.net mail archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: [Anti-fraud] Re: the limits of crypto and authentication

daemon@ATHENA.MIT.EDU (Ka-Ping Yee)
Mon Jul 11 13:39:09 2005

X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Sun, 10 Jul 2005 04:41:30 -0500 (CDT)
From: Ka-Ping Yee <cryptography@zesty.ca>
To: anti-fraud@lists.cacert.org
Cc: "Steven M. Bellovin" <smb@cs.columbia.edu>,
	cryptography@metzdowd.com
In-Reply-To: <42D0F22D.6090901@cs.biu.ac.il>

On Sun, 10 Jul 2005, Amir Herzberg wrote:
> But... crypto and authentication, imho, are the best tools to prevent
> such malware from being installed.

I disagree.  Limited authority is the best way to prevent such malware
from being installed (and, if installed, from causing harm).

The premise that all software can be divided into categories of "good"
and "evil" is a deeply flawed foundation on which to build security.


-- ?!ng

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[17782] in cryptography@c2.net mail archive

Re: [Anti-fraud] Re: the limits of crypto and authentication

daemon@ATHENA.MIT.EDU (Ka-Ping Yee)Mon Jul 11 13:39:09 2005

daemon@ATHENA.MIT.EDU (Ka-Ping Yee)
Mon Jul 11 13:39:09 2005