On Wed, 2008-10-29 at 18:55 -0400, Peter Memishian wrote:
> But that's just it -- the admin isn't explicitly misconfiguring the
> system, he's just not familiar with the internal policy decisions that
> NWAM will make -- and I think it's unrealistic to expect that he can be.

I disagree that it's unrealistic. We need to make the (higher-level) policy and policy decisions made by NWAM more observable. (The GUI present in build 99 is a big step forward for desktop/laptop users.)

> Further, of course, DHCP is just an example of this class of problem.
>
> I agree that the problem is inherent to some degree, but minimally the
> admin should have a way to observe overrides to their security policy,
> lest they think the system is more locked down than it really is.

We can certainly make per-socket policy overrides more observable.

- Bill