From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <021601c100eb$2541fa40$c0b7c6d4@SOMA> From: "Boyd Roberts" To: <9fans@cse.psu.edu> References: <20010619171302.3531519A05@mail.cse.psu.edu> <014501c100e6$89bb8310$c0b7c6d4@SOMA> <01ac01c100e8$905e5b00$6401a8c0@freeze2k> Subject: Re: [9fans] Inferno plug-in security MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit Date: Sat, 30 Jun 2001 00:30:45 +0200 Topicbox-Message-UUID: c1abee2c-eac9-11e9-9e20-41e7f4b1d025 > You've got lots of security experience so i am told. but it's always a trade-off -- what you want to protect and how much you're prepared to spend/invest to protect it. every situation is different. it even comes down to how long the information is valid for. guess the base level premise is: - you don't want to get ripped off [authentication] - they don't want to get ripped off [authentication] - the transaction has to happen in such a way -- ahh, non-repudiation is the word [my english/french is in a bit of a weird state after the london trip, but it's pretty much like that most of the time now] anyway, you can break it down to two rules: - what have you got to protect - how much are you prepared to spend and those two can be managed in interesting ways.