Keith, Applications can gain a lot of security by building on top of a lower layer secure communication substrate, such as that provided by IPsec or TLS. Such substrates allow the application developer to make assumptions about the security of the basic communication path, and have these assumptions be valid. Precisely the sorts of things you are citing as "bad" can be addressed in this way. Fancier application security requires some level of customization, perhaps in an application-specific fashion, as you noted. Steve
- Re: recommendation against public... Dennis Glatting
- Re: recommendation against pu... Valdis . Kletnieks
- Re: recommendation against pu... Daniel Senie
- Re: recommendation against pu... Dennis Glatting
- Re: recommendation against pu... Theodore Y. Ts'o
- Re: recommendation against publication... Keith Moore
- Re: recommendation against public... Stephen Kent
- Re: recommendation against pu... Keith Moore
- Re: recommendation against pu... Stephen Kent
- Re: recommendation against publication of draf... Keith Moore
- Re: recommendation against publication of ... Stephen Kent
- Re: recommendation against publication... Keith Moore
- Re: recommendation against publication of draft-ce... Peter Deutsch
- Re: recommendation against publication of draf... Keith Moore
- Re: recommendation against publication of ... Theodore Y. Ts'o
- Re: recommendation against publication of ... Peter Deutsch
- Re: recommendation against publication... Keith Moore
- Re: recommendation against publication of draf... Bill Sommerfeld
- Re: recommendation against publication of ... Patrik Fältström
- Re: recommendation against publication of draft-cerpa-n... Vernon Schryver
- Re: recommendation against publication of draft-ce... Valdis . Kletnieks