On Sat, 25 Mar 2006 12:37:07 -0500, Thor Lancelot Simon
<tls@rek.tjls.com> wrote:

I like what you said, but I want to call attention to one point:
>
> As Kirk said to me years ago, the idea was to
> provide a simple, even provably-correct, means of dramatically limiting
> the extent of any system compromise

I'd like to retain the focus on "simple, even provably-correct".  Any
new scheme should be high assurance.


		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb