On Mon, Feb 18, 2008 at 03:34:50PM -0800, Hallam-Baker, Phillip wrote:
In the scenario I gave, the data I wish to stop the kids accessing
is already on my network, net nanny is totally useless in this
instance. Let us imagine that I have a configuration that consists
of one Vista machine and one Home Server on which there is stored a
collection of ripped DVDs of video nasties, you know The Sound of
Music, Care Bears Movie etc. some of the nastiest films I have
seen. I do not with the kids tastes to be corrupted by this rubbish.
Heh. From the Capitol Step's, "All I Want For Christmas Is A Tax
Increase" album:
http://www.amazon.com/gp/music/wma-pop-up/B000003JOO001001/ref=mu_sam_wma_001_001
Security cannot be effective when it is provided in the form of a
DIY assembly required project. But thats what the field has been
doing.
I'm afraid it's worse than that. As long as we provide general
purpose computers, and some insiders that are determined to bring home
databases filled with SSN so they can do work in the evenings, or
children who know more about computers than their parents and who are
determined download videos of "Barney does Dallas", I'd claim is
pretty much impossible to solve the particular security problem which
you are worried about.
And I'm not sure people are really willing to accept computers with
the sorts of controls that would prevent these sorts of attacks on
data. Look at the resistence to Microsoft's Palladium project by
people such as Ross Anderson. (http://www.cl.cam.ac.uk/%7Erja14/tcpa-faq.html)
Most consumers are far more focused on the sorts of abuse that could
be perpetrated by Hollywood, the Music Industry, and Microsoft, rather
than problems with databases filled with US Military personnel's
credit information getting stolen out of unsecured laptops of
incompentent government bureaucrats. One could have a debate about
whether this is a correct assessment of risks by the consumer and by
organizations like EFF and EPIC, but it's reality that won't be easily
changed.
In any case, this is a bit of a rathole from the original discussion,
I suspect....
- Ted
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
http://www.ietf.org/mailman/listinfo/ietf