User talk:Mstone/Rainflow
Jump to navigation
Jump to search
Peer review Activity
Instead of making it a pure "security" activity (that "just gets into the way" like any security stuff and thus will be circumvented) it might be better to use a peer review approach, helping both the author and the peers to learn (about security etc.) while doing the certification.
A shared "source browser" with highlighting/bookmarks and chat might be a good start.
-- Sascha Silbe
Other Ideas
- Do what is safe; prompt for unsafe things.
- So what about that covert channel in CSS for detecting what sites you've visited?
- Cards (business, credit, ...) and statements need to start carrying fingerprints and barcodes.
- Then I can compare my cards with other people's.
- The key lies in encouraging people to commit to things that are easier for legitimates to do than for impostors. Repeated application of this principle gives hardness amplification.
- So how does this play into REST? and sessions?
- Also, how about search and browsing?
- Perhaps people have templates that describe what kinds of data they're looking for?
- Why did sshkeys.net fail?
Examples
- Paul's geodata example
- Automated scans of machines and software.
- CAcert assurers
- PGP key signings
- "User clicks" vs. auto-updates