Strength in Complexity?
Peter Saint-Andre
stpeter at stpeter.im
Mon Aug 4 15:52:16 EDT 2008
dan at geer.org wrote:
> With the caveat that I am reading mail in
> reverse order (i.e., panic-mode), I do have
> to say one thing and it isn't even to mount a
> stirring defense of Kerberos, which does not
> need defending anyhow...
>
> The design space for practical network security
> has always been:
>
> I'm OK
> You're OK
> The Internet is a problem
>
> A gathering storm of compromised machines, now
> variously estimated in the 30-70% range depending
> on with whom you are talking, means that the
> situation is now:
>
> I'm OK, I think
> I have to assume that you are 0wned
> The Internet might make this worse
>
> Put differently, network security has now come
> close to Spaf's famous line about netsec in the
> absence of host security being assured delivery
> of gold bars from a guy living in a cardboard box
> to a guy sleeping on a park bench.
BTW the original quote seems to be:
"Secure web servers are the equivalent of heavy armored cars. The
problem is, they are being used to transfer rolls of coins and checks
written in crayon by people on park benches to merchants doing business
in cardboard boxes from beneath highway bridges. Further, the roads are
subject to random detours, anyone with a screwdriver can control the
traffic lights, and there are no police."
-- http://homes.cerias.purdue.edu/~spaf/quotes.html
/psa
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20080804/4003967c/attachment.bin>
More information about the cryptography
mailing list