Re: Design principles and ethics

[Bas Wijnen]

On Wed, May 03, 2006 at 12:16:09PM -0600, Christopher Nelson wrote:
> So the basic security argument that is being made is that:
> 
> A) There is a set of programs (services) that are under no one's
> authority, these constitute the TCB.
> 
> B) There is a primordial arena that is opaque to everyone, from whence a
> user session is generated.
> 
> C) The user has complete control of their own session, which means the
> implicit ability to examine and/or change all code and data to which the
> session has access.
> 
> Is this correct?

Yes, I think so.

Note that this ability to examine and/or change doesn't have to be easy.  For
example, it's useful to make it hard to change the password other than through
a secure method.  Here secure means that you cannot mess up in a way that
leaves your session unreachable.  However, "hard" is not "impossible". :-)

Thanks,
Bas

-- 
I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
   in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see http://129.125.47.90/e-mail.html

signature.asc
Description: Digital signature