On 3/15/2010 4:33 AM, tahoe-lafs wrote:
> I've just been looking at the implementation of Toby's
> [http://allmydata.org/pipermail/tahoe-dev/2010-March/004137.html
> Tahoe Explorer]. It seems very well-written and quite suitable to
> be included in Tahoe proper, so that we could adapt it to be a more
> secure replacement for the existing WUI.

It is obvious that capabilities need a capability explorer.

It has long been demonstrated that people cannot think both of security requirements and the task at hand; therefore expecting people to use some non-capability tool to manage capabilities in a secure manner is not going to work. The tool has to invisibly address security requirements without ordinarily requiring any extra clicks. The task at hand is doing stuff; security requirements are stopping people from doing stuff. Further, there is a long, long list of dangerous actions to be avoided, to which no one is likely to pay attention.

Cryptographers, among them myself, have a bad habit of dumping low-level cryptographic tools on end users, with the result that the user has fifty-seven ways of doing something, of which seventeen are obviously insecure, twenty-six are subtly insecure, and fourteen are secure. The user looks at the instructions and warnings, which merge together in a great gray blur, and never uses the tool.

The tools need to be pre-assembled and complete so that there is one simple and obvious way to do something, and it is the secure way.
