Re: Acceptable Losses (was Re: Whoops! (re: WH network monitoring plan response))
In message <Pine.GSO.4.44.0212241538270.9020-100000@clifden.donelan.com>, Sean Donelan writes:
On Tue, 24 Dec 2002, Richard Forno wrote:
In my last post when I said this:
If something's deemed 'critical' to a large segment of the population, then security must NEVER outweigh convenience. Period. Non-negotiable.
I meant to say that security must ALWAYS outweigh convenience.
Sigh, people are playing games with words to force false choices. Of course it's negotiable because the act of defining something "critical" is a negotiation.
Not only that -- security is not 0/1, all or nothing. It is possible to be more or less secure; building a security system -- like a firewall -- that has only the two states of "wide open" and "absolutely impenetrable" is a bad idea. Security is about risk management -- see Schneier's book "Secrets and Lies".

--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)