by geofft 4237 days ago
Availability is part of security, right next to confidentiality and integrity. Systems that silently fail closed aren't secure in a meaningful way, because you can't distinguish a DoS from "working as designed".
2 comments

Availability does not mean availability at any cost. When designing a system, at no point should it be considered secure if it fails open.

The issue is that there is little information provided to the user to indicate why there is an issue, but it most certainly should fail closed.

Unless it opens the door to downgrade attacks, then things get a bit more murky: http://crypto.stackexchange.com/questions/10493/why-is-tls-s...