[Mono-list] Re: Bootstrapping

Jon Watte hplus@b500.com
Mon, 12 Jul 2004 08:45:27 -0700

> I believe that good security can be achieved only by taking into
> consideration all possible attacks from all possible attackers.  Is
> the Mono project leadership in disagreement with this view?

Good risk management will allocate resources to possible attacks 
in proportion to:

- their assumed chance of occuring
- the assumed extent of the damage of such an attack
- the leverage which can be achieved against such an attack

For example:

If there's a chance of the NSA having a crack for RSA crypto, 
and all your secrets will be known by the government, but you 
just have no way of figuring out how to build a new cryptosystem, 
then you probably are still doing the risk analysis that RSA is 
good enough.

I believe that all three of these criteria will push this risk 
to the bottom of the pile WRT mono task lists. But if you feel 
different, I think there's room to contribute ;-)


			/ h+