[1187] in WWW Security List Archive
Re: Security via Sounding Impressive
daemon@ATHENA.MIT.EDU (Adam Shostack)
Mon Nov 20 21:09:54 1995
From: Adam Shostack <adam@bwh.harvard.edu>
To: rtor@ansa.co.uk (Owen Rees)
Date: Mon, 20 Nov 1995 18:13:49 -0500 (EST)
Cc: www-security@ns2.rutgers.edu
In-Reply-To: <9511201210.AA23684@plato.ansa.co.uk> from "Owen Rees" at Nov 20, 95 12:10:20 pm
Errors-To: owner-www-security@ns2.rutgers.edu
Owen Rees wrote:
| Unfortunately, it is all too common for a label to be attached to
| something in the hope that this will magically cause the implied
| properties to appear. For example, it is much better to call a server
| "trusted" than "trustworthy", it does at least make it possible to
| argue that there is a decision to be made about trust (this example is
| taken from a real incident!)
Better yet, call it a trusted server offering only WWW service, and
strongly authenticated ftp. This allows you to quantify your trust,
and if your scans detect something on telnetd's port, you know
there is a problem in that your model and reality have diverged.
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
