The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #297 [the good of prophylactics] (1 message, 897 bytes)
SOURCE: http://securitydigest.org/exec/display?f=phage/archive/297.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT

From: cher@whutt.att.com
To: phage
Date: Wed 10:16:00 23/11/1988 EST
Subject: the good of prophylactics
References: [Thread Prev: 300] [Thread Next: 301] [Message Prev: 296] [Message Next: 307]

To: arpa!phage@cs.purdue.edu
Subject: the good of prophylactics

> On the other hand I think we have to be cautious about fooling
> ourselves. People are proposing all sorts of prophylactic security
> mechanisms (this one, shadow passwds etc) which I believe is a bad
> thing to stress in general. It seems to be the management of
> insecurity rather than any attempt to create security. Have we really
> given up and just decided to limit the damage? Sounds like a bad idea.
> Also an infinite pit into which we will regret having slipped.
> 		-Barry Shein, ||Encore||

There does not seem to be an alternative. Since most of the attempts
to make the system secure are based on the Orange Book, and the OB
requires a grand underlying security policy only at higher levels, many
of these attempts are largely tinkering. Even at higher levels, making
a secure system looks like addressing a myriad of separate concerns.

As for stressing little prophylatics: if the peephole approach to security
makes one uncomfortable, one can always devise a grand umbrella principle.
Eg, The Great Principle of the Least Privilege demands that you not
use setuid foo where you can use setuid something-less-powerful-than-foo;
the Great Principle of the Least Knowledge says that the users have no
need to see password encryptions, etc.
		Mike Cherepov

END OF DOCUMENT