> I believe that good security can be achieved only by taking into
> consideration all possible attacks from all possible attackers.  Is
> the Mono project leadership in disagreement with this view?

Good risk management will allocate resources to possible attacks 
in proportion to:

- their assumed chance of occuring
- the assumed extent of the damage of such an attack
- the leverage which can be achieved against such an attack

For example:

If there's a chance of the NSA having a crack for RSA crypto, 
and all your secrets will be known by the government, but you 
just have no way of figuring out how to build a new cryptosystem, 
then you probably are still doing the risk analysis that RSA is 
good enough.

I believe that all three of these criteria will push this risk 
to the bottom of the pile WRT mono task lists. But if you feel 
different, I think there's room to contribute ;-)

Cheers,

                        / h+


_______________________________________________
Mono-list maillist  -  [EMAIL PROTECTED]
http://lists.ximian.com/mailman/listinfo/mono-list

Reply via email to