> I believe that good security can be achieved only by taking into
> consideration all possible attacks from all possible attackers. Is
> the Mono project leadership in disagreement with this view?
Good risk management will allocate resources to possible attacks
in proportion to:
- their assumed chance of occuring
- the assumed extent of the damage of such an attack
- the leverage which can be achieved against such an attack
For example:
If there's a chance of the NSA having a crack for RSA crypto,
and all your secrets will be known by the government, but you
just have no way of figuring out how to build a new cryptosystem,
then you probably are still doing the risk analysis that RSA is
good enough.
I believe that all three of these criteria will push this risk
to the bottom of the pile WRT mono task lists. But if you feel
different, I think there's room to contribute ;-)
Cheers,
/ h+
_______________________________________________
Mono-list maillist - [EMAIL PROTECTED]
http://lists.ximian.com/mailman/listinfo/mono-list