With the caveat that I am reading mail in reverse order (i.e., panic-mode), I do have
to say one thing and it isn't even to mount a
stirring defense of Kerberos, which does not
need defending anyhow...

The design space for practical network security
has always been:

   I'm OK
   You're OK
   The Internet is a problem

A gathering storm of compromised machines, now
variously estimated in the 30-70% range depending
on with whom you are talking, means that the situation is now:

   I'm OK, I think
   I have to assume that you are 0wned
   The Internet might make this worse

Put differently, network security has now come
close to Spaf's famous line about netsec in the
absence of host security being assured delivery
of gold bars from a guy living in a cardboard box
to a guy sleeping on a park bench.

BTW the original quote seems to be:

"Secure web servers are the equivalent of heavy armored cars. The problem is, they are being used to transfer rolls of coins and checks written in crayon by people on park benches to merchants doing business in cardboard boxes from beneath highway bridges. Further, the roads are subject to random detours, anyone with a screwdriver can control the traffic lights, and there are no police."

-- http://homes.cerias.purdue.edu/~spaf/quotes.html


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply via email to