[EROS-Arch] Re: [E-Lang] Re: Interaction Design for
End-UserSecurity
Mark S. Miller
markm@caplet.com
Thu, 05 Apr 2001 12:35:40 -0700
Since Jonathan accidentally cross posted this response to both lists, I'll
mention that it's a response to
http://www.eros-os.org/pipermail/eros-arch/2001-April/002971.html , and
answer briefly to both lists. I doubt Jonathan & I have any substantial
disagreements here, just terminological and rhetorical ones, so I hope to
make this my last posting on this thread.
At 10:36 AM Thursday 4/5/01, Jonathan S. Shapiro wrote:
>You are absolutely right. What I should have written was:
>
> In the real world, nothing's ever perfect, but
> some things are more perfect than others.
>
>The issue at hand is not the feasibility of mathematical perfection in a
>quantum universe. The issue at hand is that every real system is
>designed under assumptions about the environment in which it operates.
I'll simply point out the contradiction between the unqualified broad
indented statement about "nothing" vs the narrowly defined "issue at hand".
The lambda calculus is almost certainly perfect, and its encapsulation
almost certainly provides perfect security. This contradicts the above
broad statement about "nothing", and it certainly falls outside Jonathan's
definition of the "issue at hand". While Jonathan's statement
>So in the limit, I think that security pretty much *is* always
>vulnerable to the next yet cleverer hacker. Not because of failures in
>the techniques, but because of errors in the judgement of the people who
>prioritize, deploy, and apply them.
may be true within the narrow issue-at-hand scope he defines, I doubt that
the lambda calculus itself is vulnerable to this sort of threat.
Cheers,
--MarkM