[cap-talk] Rich Sharing and Clusterken videos come to YouTube
Stiegler, Marc D
marc.d.stiegler at hp.com
Thu Mar 15 09:50:16 PDT 2012
You identify a number of threats in the critique below. While important, they are only some of the threats that should be considered when comparing webkeys today to the other alternatives available today (rather than to a more perfect hypothetical future world). I believe your criticisms approximately align with the shoulder surfing and social engineering criteria in the decision matrix video comparing webkeys to passwords. To the extent they are not, then they should be added as additional criteria. Even then, it's not clear the result would compellingly argue in favor of sticking with passwords until we have revamped the world to better support webkeys. Even if webkeys are currently only approximately equal, on pure security criteria, to passwords, I think webkeys would win once you include usability (zero-signon click and go) and functionality (rich sharing).
Ben Laurie's post on evaluation criteria for password replacements is a marvelous enhancement of my decision matrix video. I'm still digesting it, but it looks like a better place to start to do a hardcore decision matrix.
> -----Original Message-----
> From: cap-talk-bounces at mail.eros-os.org [mailto:cap-talk-
> bounces at mail.eros-os.org] On Behalf Of James A. Donald
> Sent: Wednesday, March 14, 2012 8:58 PM
> To: General discussions concerning capability systems.
> Subject: Re: [cap-talk] Rich Sharing and Clusterken videos come to
> On 2012-03-15 10:30 AM, Toby Murray wrote:
> > Trawling the other videos Marc has posted to youtube, I quite enjoyed
> > the following:
> > "Security Myth Debunkers: Can People Manage Fine Grain Privileges?"
> > http://www.youtube.com/watch?v=mjBG2r34jvo
> > (Best watched after the PubShare one.)
> One obvious problem: Fine grain authorities are interesting only if
> pass them around. Your browser and your email will cheerfully report
> these authorities to all and sundry, not knowing an authority that
> should be world readable, because you usually want as much audience as
> possible, from an authority that should not be.
> To pass around authorities between programs written by different people
> with conflicting interests we need an operating system that is
> internally different from what we have, though look pretty much the
> to the humans using it and the programs running under it.
> To pass around authorities between people, as in the example given in
> the you tube video, we need a browser and email system significantly
> different from what we have.
> Since a browser is an enormous chunk of software, need to somehow wrap
> the browser, so that the browser sees petnames for valued authorities
> that should not be known to the world, therefore cannot rat them out.
> And of course, need to communicate securely with people: each person
> to be represented by numerous write only authorities to his read only
> queue, which ultimately means we have to represent people using Zooko's
> cap-talk mailing list
> cap-talk at mail.eros-os.org
More information about the cap-talk