User talk:Mstone/Rainflow

From OLPC
Jump to navigation Jump to search

Peer review Activity

Instead of making it a pure "security" activity (that "just gets into the way" like any security stuff and thus will be circumvented) it might be better to use a peer review approach, helping both the author and the peers to learn (about security etc.) while doing the certification.

A shared "source browser" with highlighting/bookmarks and chat might be a good start.

-- Sascha Silbe

Other Ideas

  • Do what is safe; prompt for unsafe things.
  • So what about that covert channel in CSS for detecting what sites you've visited?
  • Cards (business, credit, ...) and statements need to start carrying fingerprints and barcodes.
    • Then I can compare my cards with other people's.
  • The key lies in encouraging people to commit to things that are easier for legitimates to do than for impostors. Repeated application of this principle gives hardness amplification.
  • So how does this play into REST? and sessions?
  • Also, how about search and browsing?
    • Perhaps people have templates that describe what kinds of data they're looking for?
  • Why did sshkeys.net fail?

Examples

  • Paul's geodata example
  • Automated scans of machines and software.
  • CAcert assurers
  • PGP key signings
  • "User clicks" vs. auto-updates