[cap-talk] Google Chrome - web browser with sandboxed rendering
Raoul Duke
raould at gmail.com
Sat Sep 6 18:15:04 CDT 2008
> No. It doesn't have to be the end-user that configures the installation
> endowment. The application would be provided together with a description
> of the authorities it is to be endowed with. This description might be
> written or reviewed by an OS distribution, or an organisation's IT
> department, or some tech-savvy relative who set up your computer for you.
> We are only relying on this description to have been reviewed by someone
> who knows that a mail user agent should not have arbitrary socket access.
> The end-user doesn't edit this description (they can, but the "most users"
> you are referring to will not).
yes; an interesting avenue which has been on my mind as well. perhaps
consider it to be another example of (as e.g. Brian Eno and others
have pointed out) the need for trusted gatekeepers of media given how
much more media there is than one person can hope to peruse. one
chooses a person or organization one feels aligned with or has trust
in, and receives from them the pre-configured components.
linux distros offer some insight into how that might play out. they
already attempt to offer some amount of "install-and-play"-ness. w/in
the distro world perhaps debian's "we preconfigure everything to work"
approach is most in line with the thinking. or, in the commercial
world, the way apple traditionally is closed up with one claimed
reason being they can offer a more seamless experience.
however, they are still quite far away from what lies at the end of
the vision above. if only groups like those somehow managed to take
security+usability a zillion times more seriously than they do (to
some extent, it is simply that they don't realize that things can and
should be better, rather than any nefarious laziness).
the kicker to it all, however, is that as soon as you plug the machine
into the wide internet and let the user have at it, they will nigh
instantaneously hit the limits of what that approach has to offer;
they will invariably want to go to some resource that is configured in
some way that isn't "standard" or is at least confusing, and possibly
dangerous. and i dare say nobody is going to want to solve that via some
"walled garden" route. people are willing to give their passwords away
for chocolate, etc.; security is stupendously undervalued up until
they get screwed.
it is worth considering, for any offered potential solution to some
security+usability problem, what chunk of the overall universe of
issues it is attempting to address. this to avoid a false sense of
confidence for everyone concerned. and to offer a way of piecemeal
solving the issues over time until the full gestalt can be tidied up
(never).
sincerely.