[E-Lang] defense in depth

Tyler Close tclose@oilspace.com
Thu, 1 Feb 2001 16:48:29 -0000


David wrote:
> Still, this seems to be the usual argument for defense in depth.
> I think it is appropriate that it stands or falls on the strength
> of the independence hypothesis and the shape of the
> cost-benefit curve.

As Markm pointed out earlier, capabilities allow you to use POLA such
that you can isolate a particular authority within a very small
object. I contend that this means that it is possible (even easy) in
practice to reach the perfect defense stage for a specific authority.

As an exercise, try justifying the addition of an extra defense to the
MintMaker.

I don't think the cost-benefit curve is a curve when you are using
good capability-based design techniques. Can you give any reason for
thinking that it is?

Tyler
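
For readers without the MintMaker to hand, the following is an added illustration, not part of the original message and not the E code: a JavaScript sketch of a mint in that style, showing the authority to change balances confined to one small closure. The names makeMint, makePurse, sprout and deposit, and the WeakMap ledger, are assumptions of this sketch.

```javascript
'use strict';
// Added illustration: a mint in the spirit of the E MintMaker, not the E code.
// makeMint, makePurse, sprout and deposit are names chosen for this sketch.
function makeMint(name) {
  // The only authority over balances: a map private to this closure.
  // Holding a purse (or the mint) never yields a reference to it.
  const ledger = new WeakMap();

  function checkAmount(n) {
    if (!Number.isSafeInteger(n) || n < 0) throw new RangeError('bad amount');
  }

  function newPurse(initial) {
    checkAmount(initial);
    const purse = Object.freeze({
      getBalance: () => ledger.get(purse).balance,
      sprout: () => newPurse(0),          // empty purse of the same currency
      deposit(amount, src) {
        checkAmount(amount);
        const from = ledger.get(src);     // undefined for forged or foreign purses
        if (from === undefined) throw new TypeError('not a purse of this mint');
        const to = ledger.get(purse);
        if (from.balance < amount) throw new RangeError('insufficient funds');
        checkAmount(to.balance + amount); // refuse overflow past safe integers
        from.balance -= amount;           // all checks done: the two updates
        to.balance += amount;             // below cannot throw
      },
    });
    ledger.set(purse, { balance: initial });
    return purse;
  }
  // Only a holder of the mint can create money; purse holders can only move it.
  return Object.freeze({ name, makePurse: newPurse });
}

// Constructed scenario: Alice pays Bob 10, then a forged purse is presented.
function demo() {
  const mint = makeMint('example');
  const alice = mint.makePurse(100);
  const bob = alice.sprout();
  bob.deposit(10, alice);
  const forged = { getBalance: () => 1e6 };  // looks like a purse, is not one
  let rejected = false;
  try { bob.deposit(5, forged); } catch (e) { rejected = e instanceof TypeError; }
  return { alice: alice.getBalance(), bob: bob.getBalance(), rejected };
}
```

Every path that changes a balance runs through deposit, so the exercise of adding an extra defense comes down to asking what that one function could still get wrong.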