[Mono-list] Re: Bootstrapping
Jon Watte
hplus@b500.com
Mon, 12 Jul 2004 08:45:27 -0700
> I believe that good security can be achieved only by taking into
> consideration all possible attacks from all possible attackers. Is
> the Mono project leadership in disagreement with this view?
Good risk management will allocate resources to possible attacks
in proportion to:
- their assumed chance of occuring
- the assumed extent of the damage of such an attack
- the leverage which can be achieved against such an attack
For example:
If there's a chance of the NSA having a crack for RSA crypto,
and all your secrets will be known by the government, but you
just have no way of figuring out how to build a new cryptosystem,
then you probably are still doing the risk analysis that RSA is
good enough.
I believe that all three of these criteria will push this risk
to the bottom of the pile WRT mono task lists. But if you feel
different, I think there's room to contribute ;-)
Cheers,
/ h+