Interesting People mailing list archives

more on U.S. should fund R&D for secure Internet protocols, Clarke says


From: Dave Farber <dave () farber net>
Date: Fri, 01 Nov 2002 13:42:52 -0500


------ Forwarded Message
From: Dave Crocker <dhc2 () dcrocker net>
Organization: TribalWise
Date: Fri, 01 Nov 2002 10:15:25 -0800
To: Dave Farber <dave () farber net>
Cc: ip <ip () v2 listbox com>
Subject: Re: <[IP]> U.S. should fund R&D for secure Internet protocols, Clarke says

Dave,

Security is an outcome, not a technology.

         Consider the buggy code that Steve Bellovin cites.

         Consider the social engineering of email viruses that get you
         to click on a dangerous attachment.

         Consider the compromised servers that hold thousands of credit
         card numbers.

None of these problems involve "secure Internet protocols".

In fact, the Internet already has a considerable bag of technical tricks
for Internet protocol security, and there is no indication that any of them
lacks adequate strength.

The fiasco of 802.11 WEP security and the failure of end-users to employ
existing security technologies suggest that the real problems lie elsewhere.

           We need better methods of designing safe software.

           We need better methods of designing entire *services* that have
           end-to-end safety and security, with a focus on administration
           and operations.

           We need better methods of designing "usable" security, so that
           end-users do not find it so daunting.

           We need more coherent and pragmatic laws concerning use of
           security technologies, so that vendors can make and distribute
           high-quality security solutions and customers can buy and operate
           them.

The reference to cost of certificates underscores one area that probably
does need better technology, namely certificate administration. We do not
yet have an ability to use certificates on a very large scale. (In the
Internet, "very large scale" means many millions of users, able to interact
with no prior arrangement.)

The problem seems to be both with the fragile, cumbersome design of
centralized, global certificate hierarchies, and with the fascinating human
factors complexity of using certs.

Focusing on "Internet protocols" is like worrying about improving tumblers
in physical locks.  There is nothing wrong with making them better, unless
someone seriously thinks that the improvement will have anything at all to
do with achieving a more secure home.

The successful outcome of a safe and secure Internet needs a focus on
systems development, system administration and human usability. Protocol
algorithms are essentially irrelevant to the threats we face today.

d/


------ End of Forwarded Message
