[cap-talk] Capabilities and Freedom vs. Safety

Jonathan S. Shapiro shap at eros-os.com
Fri Jul 27 12:00:42 EDT 2007


On Fri, 2007-07-27 at 20:56 +1000, James A. Donald wrote:

> Security must be based on real attacks and real threats,
> not on "proofs" of security which have little contact
> with reality external to that proof.

Crap. Security must *address* real attacks and real threats, but if that
is the only thing they do then the war of escalation continues
indefinitely. The only currently credible path to ending the war of
escalation is to get a formal basis under our security models so that we
can solidly understand them.

As to "little contact with reality", I will not respond to such an
uninformed value judgment until you have substantiated it. Many of the
people on this list have significant accomplishments on our resumes in
"real world security". And yet they are here, on this list and
professionally, applying considerable energy to sorting through some of
these "unreal" issues that you so deride. Perhaps this should give you
pause to consider the possibility that your view is excessively narrow.

> Thus "proof" of
> security, when applied to desktops, is apt to prove that
> which cannot possibly be true.

Then it is good that nobody here has offered any such thing. The proofs
under discussion are proofs of properties that support the engineering
of better systems. They are not, and do not claim to be, overall proofs
of security.

> I doubt that rewriting everything in terms of protected
> capabilities is a good idea, and I am sure that even if
> it is a very good idea, as many on this list have
> plausibly and passionately argued, it is not going to
> get done.

Then why are you wasting your time and ours?
