We'll look at the original FIDO (second factor only) scenario because that's cheapest and apparently Twitter was very budget conscious on security? In most scenarios a FIDO authenticator (for U2F/WebAuthn) won't even sign your login attempt for the wrong site at all, because of how it works. Not surprisingly, people still didn't get it, which was why Christ revised it to "turn the other cheek." This isn't a new problem; the point of "an eye for an eye" in Mosaic law was to limit vengeance and vigilantism with a doctrine of proportionality. Tolerance is what civilized people do in response to real life situations, and when they don't you get feuding and war. And I'd even argue that the fact that we inevitably have to tolerate some harm makes the concept of zero tolerance fundamentally contradictory. Then we're stuck tolerating it, or taking it out on some scapegoat. If there's sufficient uncertainty, we aren't even sure we can direct our response to the harm at the correct party. Someone can get hurt in a car crash, and if it's clearly an accident, the injured party is generally not going to hold a grudge. Law typically breaks it out as the action that caused the harm, the intent to cause that harm, and the certainty of your knowledge of the facts. As soon as you bring intent into the equation, you're willing to tolerate a great deal of harm. The point of tolerance is that some harm is done, and the injured party is going to limit their response to it. But intent is useful to the discussion; let me explain why I don't think zero tolerance allows for intent and other mitigating factors. Well, intentional is your head-canon since they didn't use that word. > Intentional misuse of credentials is ultimately subordination. My issue is with the concept itself, and the broader mindset that you see in legal concepts like strict liability. I'm not annoyed at Twitter specifically as they're hardly the inventors of the phrase.
Splitting hairs is the raison d'etre of this site. > I'm not trying to split hairs or be a Twitter apologist here. And if it's not arbitrary because they have some actual doctrine that can be consistently applied, then it would make more sense to use that doctrine. The supposedly clear policy becomes capricious or arbitrary. This process of rationalizing will be different depending on the situation and their biases. Specifically, any administrator who hasn't worked out a detailed meaning will have to crystalize their understanding when it comes time to apply the idea. "Zero tolerance" sounds so clear, it even has a number in there! But, nevertheless, one can rationalize just about any outcome by invoking it. That doesn't necessarily follow, as it depends on exactly what they have zero tolerance for.