Marsh wrote: -+---------- | Everyone here knows about the inherent security-functionality | tradeoff. I think it's such a law of nature that any control | must present at least some cost to the legitimate user in order | to provide any effective security. However, we can sometimes | greatly optimize this tradeoff and provide the best tools for | admins to manage the system's point on it. |
I'll certainly agree that security cannot be made free, on the obvious grounds that security's costs are decision making under uncertainty plus enforcement of those decisions. Clearly, the most cost effective security involves voluntary avoidance: rejecting HTML e-mail, not parking your data on machines you can never see, eschewing technologies that compile a dossier on you, etc. As of now, you (as a person) can still control your attack surface. When the time comes that you can no longer do so... --dan _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
