
RE: [Asrg] DCC and IP checksums

2003-03-12 16:21:12
I was hoping that we could avoid further rants on this topic.

Security is about risk control, not risk elimination. It is certainly
not the result of blind implementation of dogma.

The Authentication/Authorization distinction is a decomposition of
the problem that has value in certain circumstances but certainly
not all.

The design of the code signing services was to ensure that code
obtained through the web was at least as trustworthy as code bought
in a shrinkwrap box in a store. It was not to eliminate all possible
risks.

If you want to see an example of an environment that does provide
the degree of control you seek, look at .NET.

However, we do not need that degree of flexibility to solve our
problem here.


The perfect is the enemy of the good.
The ideological is the enemy of everything.

                Phill

-----Original Message-----
From: Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu 
[mailto:Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu]
Sent: Wednesday, March 12, 2003 5:52 PM
To: Hallam-Baker, Phillip
Cc: 'Vernon Schryver'; asrg(_at_)ietf(_dot_)org
Subject: Re: [Asrg] DCC and IP checksums 


On Wed, 12 Mar 2003 14:42:02 PST, "Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com> said:

Microsoft employ many people whose credentials in the security world vastly
outrank your own. In addition to Roger Needham who recently passed away,
Butler Lampson has been working for them for many years.

Microsoft also employs bozos who make mistakes.

If they *DIDN'T* confuse "authentication" with "authorization", please enumerate
the options besides "don't run code" and "run code".  Is there an "allow this
code to access network", or "allow this code to access temp disk space only, no
user files", or....

It equates "signed and accepted" with "fully privileged".

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg


