[Cryptography] Simpler programs?
Bill Frantz
frantz at pwpconsult.com
Sat Apr 19 11:11:59 EDT 2014
On 4/19/14 at 2:43 AM, ben at links.org (Ben Laurie) wrote:
>The nice thing about the file powerbox is you capture the user's
>intent through a familiar and reasonably clear interaction. Network
>sockets are trickier.
Absolutely agreed. But don't let the perfect be the fatal enemy
of the better. Even if we only have control on file access and
no control on network access, the only things the application
can leak are the files it has been given, not every file the
user can access, which is an improvement.
I think we can do better because many programs, e.g. web
browsers, that access the network don't make much use of the
user's files. Sure you explicitly up and down load files, but
those come in with standard file requestors.
The idea of limiting the sites a web browser can access seems
very difficult. Between links to resolve in-page content, and
caches like Akamai, there is almost no limit on the sites a
browser can legitimately access to render a page.
Cheers - Bill
---------------------------------------------------------------------------
Bill Frantz |"Web security is like medicine - trying to
do good for
408-356-8506 |an evolved body of kludges" - Mark Miller
www.pwpconsult.com |
More information about the cryptography
mailing list