double shot of snake oil, good conclusion
Hagai Bar-El
info at hbarel.com
Tue Mar 11 03:55:14 EST 2003
Tal,
I am in full agreement with your opinion. I do not think security is an
"all or nothing" property, and I do think that mechanisms can be considered
effective even if they do not protect against attackers with some level of
skill or motivation. After all, there is no complete security and security
is, and has always been, considered as "perceived assurance".
I do not think that a fact that a mechanism can be somehow circumvented
makes it useless. "Keepng the honest people honest" is a good enough
legitimation for a mechanism to exist as well as "moving the bar higher".
However, the only problem I can see in this case is the opening of a
possibility of a false sense of security. Security mechanisms do not have
to be perfect, but their perceived strength by their users shall be set right.
For this I personally think that the mechanism is great and useful, but
should be presented by Microsoft accordingly, hence: as a useful
security-related feature, not as a complete bullet-proof protection tool.
Hagai.
Hagai Bar-El - Information Security Analyst
Tel.: 972-8-9354152 Fax.: 972-8-9354152
E-mail: info at hbarel.com Web: www.hbarel.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list