Obama's secure PDA

Steven M. Bellovin smb at cs.columbia.edu
Mon Jan 26 21:26:10 EST 2009


On Mon, 26 Jan 2009 02:49:31 -0500
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> wrote:

> Finally, any idea why the Sectéra is certified up to Top Secret for  
> voice but only up to Secret for e-mail? (That is, what are the  
> differing requirements?)
> 
I actually explained (my take on) that question to my class last week.
Quite simply, voice offers one service -- voice.  Data offers many
services, and hence many venues for data-driven attacks: email (which
includes many MIME types) and probably clicking on URLs, web (which
includes HTML, gif, jpeg, perhaps png, and almost certainly
Javascript), and perhaps data files including pdf, Word, Powerpoint,
and Excel.  Any one of those data formats is far more complex than even
compressed voice; the union of them makes me surprised it can handle
even Secret data... Note especially that HTML involves IFRAMEs and
third-party images, which means inherent cross-domain issues.


		--Steve Bellovin, http://www.cs.columbia.edu/~smb

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
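
Added example, not part of the original message: a sketch that makes the "many services" point concrete by counting what one e-mail asks a client to parse. The message, host names and the function name attack_surface are constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not from the original post).
SAMPLE = """\
From: alice@mail.example
Subject: quarterly numbers
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B1"

--B1
Content-Type: text/html; charset="utf-8"

<html><body><img src="http://tracker.example/pixel.gif">
<iframe src="http://ads.example/frame.html"></iframe>
<script>var x = 1;</script></body></html>
--B1
Content-Type: application/pdf; name="q4.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--B1--
"""

class RemoteRefs(HTMLParser):
    """Collect hosts named by tags that fetch or run content; count scripts."""
    def __init__(self):
        super().__init__()
        self.hosts, self.scripts = set(), 0
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts += 1
        src = dict(attrs).get("src")
        if tag in ("img", "iframe", "script") and src:
            host = urlparse(src).hostname
            if host:
                self.hosts.add(host)

def attack_surface(raw):
    """Return (leaf MIME types, third-party hosts, script tag count)."""
    types, refs = set(), RemoteRefs()
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue  # containers carry no parser of their own
        types.add(part.get_content_type())
        if part.get_content_type() == "text/html":
            refs.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    return sorted(types), sorted(refs.hosts), refs.scripts
```

Each MIME type in the result is a separate parser the device must get right, and each host is a cross-domain fetch triggered just by rendering the HTML part.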


