That's gratitude for ya...
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Wed Feb 16 23:23:06 EST 2005
Rich Salz <rsalz at datapower.com> writes:
>Why would mozilla embed this? If they came here, to the putative experts,
>for an evaluation, they'd leave thinking Amir and company just invented
>Rot-13. It's not that. It's also not perfect. BFD -- you got anything
>better?
This ties in to one of my favourite articles on security usability, "Good-
Enough Security: Toward a Pragmatic Business-Driven Discipline", Ravi Sandhu,
IEEE Internet Computing, Vol.5, No.3 (January/February 2003), p.66, or
http://www.list.gmu.edu/journals/ic/03-sandhu-good.pdf if you don't get the
print version. This contains observations like:
How many security engineers would it take to design a system for ATM
security today? I don't think it could be done. We would be debating
biometric-enabled smartcards, assurance, protection profiles, denial of
service, non-repudiation, viruses and buffer-overflow attacks till we were
blue in the face. There is no way that such a system with "good enough"
security could be designed and built today on the basis of conventional
security wisdom. Yet it happened. And it works.
The author offers three design principles for good-enough security:
1. Good enough is good enough.
2. Good enough always beats perfect.
3. The really hard part is determining what is good enough.
I think Trustbar does a pretty good job of getting (3) right.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list