[sldev] More about viewer auth in today's RC

Argent Stonecutter secret.argent at gmail.com
Wed Dec 5 08:04:03 PST 2007


On 04-Dec-2007, at 20:35, Jesse Barnett wrote:
>> It's not a security system.

>> Like Tess said, this isn't about security.

>> This is about a lot of words that people mix up with security. Like
>> evidence, and investigation, and forensics, and stuff like that.

> Billion dollar credit card companies would disagree with that  
> assessment.

I don't think so. Credit card companies do not actually apply a huge  
amount of direct effort to security. Your credit card and number  
contain no security features beyond a simple documented (thus  
reproducible) checksum. If they were to make their cards foolproof  
with embedded biometric sensors, encrypted certificates, and temper- 
resistant storage... they would get so much pushback from their  
customers. Instead they apply the effort to fraud investigation, and  
tools to improve fraud investigation, and gathering evidence to  
detect fraud, and so on.




More information about the SLDev mailing list