> Though a better, more deterministic definition should be made, I > think. Including examples of attack vectors / defenses for each > level.
I think that this would be valuable. Your framing of the issue is very logical and practical. I'm generally a fan of approaches like this that can solve one problem at a time, rather than waiting for a perfect solution that will solve all problems at once. Clearly identifying levels of security and what is needed to obtain each one, and then attempting to obtain as many as possible in a given situation seems wise.
