[Ow-tech] Open Secure Wireless discussion

[Ranga Krishnan]

This is a good point. Thanks for highlighting it. 

Making salient what threats one is vulnerable to is not just a "truth in advertising" issue 
but a valuable service to the user to watch out for those threats. 

In the Web UI work we have discussed weaving informational/educational pieces. We 
will try to do something there and in our advertising to clarify what we are NOT ABLE 
and what we are able to do for the user. 



On May 28, 2014, at 8:07 AM, dpreed at reed.com wrote:

> It's a general, personal  concern about packages/subsystems making security claims.
>  
> Since security requires much more than encryption and key management, and since the public lacks even the most elementary notions of how one builds systems secure against the broad set of (technical meaning here:) adversaries and threat models they must worry about, it's important to start a discipline of clarity in claims made.
>  
> Part of that discipline should be some kind of explanation of how easy it might be to subvert the package/subsystem for certain goals.  Another part should be clarity on what threats it can be used for, and what threats it will do nothing for.
>  
>  
>  
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.eff.org/mailman/private/ow-tech/attachments/20140528/57ae8152/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://lists.eff.org/mailman/private/ow-tech/attachments/20140528/57ae8152/attachment.sig>