Frank Hecker wrote:
I think this comes down to the intended use case: Is our primary
concern protecting the typical Firefox, etc., user, who's primarily
concerned with surfing the public internet, or is our primary concern
protecting intranet users and providing tools for intranet admins?
Right. Just on that point, it would be perhaps
advantageous to advance that 'typical user'
profile as part of a general statement on security,
and perhaps get that general statement posted
on the web site in the /security/ corner.
I wrote a lot about this in terms of goals in a
recent essay ... but it's not necessary to go
quite so dogmatic as to declare a goal; that's
just a convenient handle by which you communicate
the seriousness of the statement.
http://www.financialcryptography.com/mt/archives/000349.html
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
