On Mon, May 5, 2008 at 10:24 AM, Gary McGraw <[EMAIL PROTECTED]> wrote: > hi sc-l, > > Here's an article about Mundie's keynote at RSA. It's worth a read from a > software security perspective. Somehow I ended up playing the foil in this > article...go figure. > > http://reddevnews.com/features/article.aspx?editorialsid=2470 > > So what do you guys think? Is this end-to-end trusted computing stuff going > to fly with developers?
I think you're both right. I'm working on a longer writeup of the ideas on the end-to-end paper but I think you've captured part of the problem at the heart of things. We're going to have to trade some fundamental computing liberties to get the kind of security required to actually have trusted relationships via computers. Good or bad I don't want to comment on right now. If you've read "Code and other laws of cyberspace" by Lessig you'll see some of the same ideas albeit it from a more regulatory perspective than from a purely technical one. The updated "Code 2.0" book captures a lot of these same ideas. I think Charny is missing the mark ever so slightly when he says the security goals can be achieved without compromise on the part of privacy, or functionality. As Lessig clearly points out - the rules of the networks, computers, etc. aren't real rules in any sense. its not like they are physical laws, the rules are determined by code. This code, and the policy behind it, can change. I think the real question isn't whether this is going to fly with developers, its whether its going to fly with the public at large. Are people (and their proxies - Governments) going to finally demand a change in the the rules/game? -- Andy Steingruebl [EMAIL PROTECTED] _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________
