Hi,

Matt Amos wrote:
> as with any security measure, to minimise your risk you need to be
> aware of the security horizon (which will depend on what your attack
> profile is) and change your authentication details regularly.

I think any security discussion should start with a threat assessment:

1. What do we want to protect?
2. Whom do we need to protect us against?
3. What resources (and what other means to get to 1.) does that guy have?

Sometimes, for a balanced reaction, you might also want to add:

4. How realistic is the threat *currently*, and if the threat is not 
*currently* realistic, then how much damage would be done if one just 
waits until the threat becomes real?

The existing demands for encryption seem more politically/ideologically 
motivated ("we should long since have done X"), with the answers to the 
above being something like "our privacy" for 1, and "world governments" 
for 2. - I don't believe in the notion that general paranoia heightens 
your personal security and privacy.

As for OSM, I'd say we can afford to wait until governments start 
large-scale spying on their citizens (or subjects, for those of us who 
live in monarchies), and then we can still encrypt everything.

Bye
Frederik

_______________________________________________
talk mailing list
[email protected]
http://lists.openstreetmap.org/listinfo/talk
