At Tue, 6 Jun 2006 11:13:55 -0400, Eric Northup <[EMAIL PROTECTED]> wrote: > I have been very concerned to see the discussions leaning towards > abandoning the security benefits associated with the design patterns > from KeyKOS and its descendants.
It may be well worth being explicit about the "security benefits" you refer to. Some apparent "benefits" may (at least by me) be considered harmful and a security threat. Of course, being explicit about it may very well throw us back into the beginning of the discussion. OTOH, leaving out the specifics leaves it up for interpretation, which leads to confusion. > I think there may be a design which supports both goals. The design you describe basically is: Use Coyotos, but give the user more options to configure which program has access to which resources. Well, I would hope that Coyotos already gives users such options. Presumably, programs will be able to detect what they get from the user, so they can simply deny service. A practical consequence is that the user stops using the options, because they break the programs that the user is expecting to work. That's not a way to ensure user freedom. It's similar to java, javascript etc in browsers. It's fine to switch them off to increase security, but only as long as they are not used by the sites one wants to visit. That's not a recipe for safe browsing, and in a similar fashion your proposal is not a recipe for user freedom. Thanks, Marcus _______________________________________________ L4-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/l4-hurd
