On Sun, Oct 20, 2013 at 1:20 PM, Theodore Ts'o <[email protected]> wrote:
> On Sun, Oct 20, 2013 at 08:39:49AM -0400, Tony Rutkowski wrote: > > > > That is assuming the "average person" or the providers > > of services to such persons, cares enough to do anything. > > If the past ten years have demonstrated anything, the > > average person and provider do not care. Indeed, > > conversely, they will be concerned about cost, > > performance, ease of use, and attractive feature sets. > > As they say, past results is not necessarily indicative of future > performance. > It occurred to me the other day that many security mechanisms suffer from the same problem as a Ponzi scheme: Bernie Madoff's investment fund never missed a payment till the day it collapsed and all the money was gone. Which is why I don't like arguments based on probability because the probability you will be paid in full in a Ponzi scheme is 100% right up to the day that they close their doors at which point the probability drops to 0%. There are ways round this problem however. What I am doing at the moment is to look at measures of the work factor that take into account things like the time the effort is required, the monetary costs, the personnel etc.
_______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
