> But the difference is who is in final control. In the end, the users of > computers should be in final control, not their makers, or we have given > up essential liberty. We can develop systems which provide suites of > more specialized privileges to particular functions, without giving up > essential liberty. We have a long way to go in actually DOING this, but > the opportunity is there. >
I believe the point of Dan Geer's paper is not that these are desired outcomes so much as realistic outcomes. If you cannot provide effective security (and we're not) and people are relying more and more on computers for real world things (and they are), then someone else (who is not a geek) is going to come in and more or less arbitrarily assign risk and responsibility to parties. For example (quoting Dan Geer's paper): "We've done this before—Regulation Z of the Truth in Lending Act of 1968 says that the most a consumer can lose from misuse of a credit card is $50. The consumer can be an idiot, but can't lose more than $50. Consumers are, in fact, not encouraged to self-protect by such a limit—quite the opposite (and $50 in 1968 would be $275 today). No, if there is to be a preemption, the intelligence it requires will be based on a duty of surveillance that is assigned to various “deep pockets.” The countermeasures, in other words, are not risk-sensitive to where the risk naturally lies but risk-sensitive to where it is assigned. Look out side effects, here we come." Something like Regulation Z may not come to pass in information security, but if I were a betting man, I think its a more likely outcome in the real world than a combination of principle of least privilege + perfect code + 4 billion highly trained users; none of which I have seen. -gp _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________