Peter Gutmann wrote:
> Just a general thought, it seems like the OLPC security design is a real-world
> implementation of Bill Cheswick's "Windows OK" proposal. See for example
> http://usablesecurity.com/2005/07/07/bill-cheswick/ for more on this (modulo
> the comments on "feature starvation", which don't apply to the OLPC design).

The systems are similar in their desire to offer no-frills protection, but I think the similarities end there. If I had been trying to simply lock the machines down, as is the essence of Cheswick's proposal, my task would have been extremely simple. The resulting security model would also have gone against everything OLPC's educational principles stand for.

I think you'll find that moving (even mentally) from "protection by not running untrusted code" to "usable protection _while_ running untrusted code" involves a few trips through a labyrinth sitting on top of a mine field, with the exit guarded by a killer rabbit. It's also certainly possible I'm not smart enough, and other people find this to be an easier problem.

--
Ivan Krstić <[EMAIL PROTECTED]> | GPG: 0x147C722D

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
