Re: [Asrg] 0. - General - Consent and SoBig

[Brad Knowles <brad.knowles@skynet.be>]

At 1:01 PM -0500 2003/08/23, gep2@terabites.com wrote:

>  Most of these recipients who allowed this worm to infect their
>  computer probably would NOT have had authorized those senders
>  to send attachments at all, let alone EXECUTABLE attachments.
	I disagree.  If you have a consent framework system, and the 
dominant monopoly application vendor chooses to default to turning 
off all security, by far the vast majority of users will leave it 
that way.  Thus, they would remain vulnerable.

	This entire problem would have been a non-event even without a 
consent framework system, if the dominant monopoly application vendor 
actually paid any attention whatsoever to the issue of security from 
a user perspective.


	A consent framework system is neither a necessary condition nor 
sufficient, unless it is a fundamental requirement of the most basic 
kind of operations.  However, such a system may be an enabler, 
especially during a time of transition from an old system that 
doesn't use it to a new system where it is integral.

	However, to be truly effective, we have to make sure that we do 
everything possible to create a system in which all possible 
implementations default to "secure" mode, as opposed to "insecure".

--
Brad Knowles, <brad.knowles@skynet.be>

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
    -Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg