On Fri, Sep 26, 2008 at 11:35 AM, Oren Beck orenbeck@gmail.com wrote:
The only comment beyond my lead in for rethinking client/server security is an admonition of ethics.
If we lived in a world like RMS envisioned we'd need no passwords.
I like to think he was wrong on that. Passwords are like locks on doors, as the saying goes "they keep an honest person honest", even if a criminal can just break the door in. Locks don't just keep the baddies out, they help maintain a degree of expected privacy and security. Above this, though, is that even asking for a password when doing an su, for example, you have to stop and think for a split second about what you are doing. It's a step to keep flying fingers and mind in check when performing possibly dangerous commands/actions. A password is not just an anti-evil-doer measure, but an anti-boneheaded-mistake preventer. Passwords are used for increasing levels of security control to prevent people from easily making critical mistakes. Having a wide-open system is just asking for some noob to walk up, find you are low on disk space or something and kindly make some available to you at random. Even though I used the quote above, the honesty of people has absolutely nothing to do with their competence or capability, which using passwords can help keep in check.
Jon.