[cap-talk] capabilities Q - charts review + comments

Karp, Alan H alan.karp at hp.com
Tue Jun 13 18:43:51 EDT 2006


Jed wrote:
> 
> Hmmm.  Since it comes with the OS then might it not seem to
> be as trusted as the OS?  I accept your statement that the example
> is effective.  To me the example of something like a codec that
> I may have to pull down off the Web from some unknown source/
> author and that should also have very limited authority, but
> must be run as a full authority Trojan, is more compelling.
> 
As soon as you mention downloading software, people say "Of course
that's dangerous, but I'd never do it."  The fact that Solitaire comes
with the OS avoids that line of reasoning.
> >
> >I've also found that example a bit convoluted for the audiences I often
> >talk to.  Instead I talk about a situation in which Alice has more
> >authority than Bob.  Bob might ask Alice to do something that Bob
> >doesn't have permission to do but Alice does.  Alice might do it.
> 
> Hmmm.  I feel forced to disagree with 'Norm' regarding the above.
> I believe the essential difficulty with the confused deputy problem is
> more than is conveyed in the above three sentences.  I consider the
> above sentences an oversimplification of the confused deputy problem.
> 
I agree.  Nevertheless, the audience seems to grasp the basis of
confused deputies.  When talking to CIOs and the like, that's all that I
need.  If I ever uttered the word "crontab", they'd zone out.

________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp
  
 