Reliance on Microsoft called risk to U.S. security

Jeroen C.van Gelderen jeroen at vangelderen.org
Sat Sep 27 22:36:46 EDT 2003 

On Saturday, Sep 27, 2003, at 20:31 US/Eastern, Zooko wrote:

>  "Jeroen C. van Gelderen" <jeroen at vangelderen.org> wrote:
>>
>> There is no way around asking the user because he is the ultimate
>> authority when it comes to making trust decisions. (Side-stepping the
>> issues in a (corporate) environment where the owner of the machine is
>> entitled to restrict its users in any way he sees fit. The point is
>> that the software agent cannot make trust decisions.)
>
> ... but you don't always have to *ask* the user, if instead you can 
> infer from
> actions that the user already performs.

Oops, I didn't mean to imply that you'd have to ask as much as happens 
at present! Automatically inferring is pretty much required if Alice is 
to be able to do a whole day's worth of work without seeing any popups 
in the steady case. You only ask Alice when you cannot otherwise 
reliably infer her intentions; That will be necessary at some point. 
The remaining questions that do get asked then are meaningful and do 
not condition towards a knee-jerk Click-Yes reaction.

> I used to think that a capability desktop would be severely hobbled by 
> the
> requirement that the user state a plethora of privilege rules, until I 
> saw
> Marc Stiegler's CapDesk demo at the second O'Reilly Emerging 
> Technologies
> conference.
>
> In that demo, a perfectly familiar desktop with "File -> Open" and
> "File -> Save As" dialogs also serves as a Least-Privilege-enforcing 
> access
> control system which protects even a naive and lazy user from a 
> malicious text
> editor.

And you can even download and try it for yourself as all of CapDesk is 
freely available. If that is too much, just download Marc's video 
demonstration [1]:

  http://www.erights.org/talks/skynet/index.html

I truly don't know how much more helpful one can get in order to dispel 
the perpetuation of these security myths?

> See also Ping Yee's research in secure Human Interface.

http://www.sims.berkeley.edu/~ping/sid/

-J

[1] I don't know why the video is available in M$ proprietary format 
only though :(

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list