[OLPC Security] Re: Periodic identity updates

Frank Ch. Eigler fche at redhat.com
Sun Feb 25 22:06:02 EST 2007


frumioj at mac.com writes:

> I wasn't suggesting that any unknown universe of negatives be
> enumerated; rather that /known/ "non-goals" of the specification are
> noted somewhere explicitly [...]

One problem with explicitly listing some "non-goals" is that they are
tantamount to assumptions about parts of the overall system.  (Say,
"We don't address possible screwups in domain X." roughly implies "We
assume that domain X will not screw up".)  That in turn provides a
focal point for an attacker to undermine the system ("Hey, let's try
to subvert X!").  So, in a way, listing the "non-goals" could be
self-defeating.

- FChE

