Paul Hoffman wrote, On 2008-05-30 07:17: > Adding strong locks to the front doors while the back doors still have > weak locks is useless from a security standpoint.
You seem to be arguing that no-one should bother to put locks on their doors while there remain some people who have no locks on their doors. If we all lived in one house, and all our valuables were available to anyone who penetrated any door, that analogy would be apt. But the information that Mallory actually gets from successfully attacking a connection (opening a door) is not the same for all connections. The information going over various connections is compartmentalized, analogous to separate items of value in separate houses with separate doors with separate locks of various strengths. > Mallory will always attack the weakest part of the system. There will always be people who refuse to take adequate security measures. They will always be fair game for Mallory. The success of locks on doors is measured by how well they protect those who wish to use them and who do deploy them. Off hand, I can't think of a good physical analogy to the strange world of crypto-based security, in which our "locks" get weaker over time. Because physical locks do not tend to get weaker with time, people are not accustomed to upgrading their locks with time. They tend to install one lock and forget it. Here in this thread we hear Mozilla community members vocalizing their desire to make the world aware of the need to strengthen their locks, and to help prod the lock makers in that direction. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto