Re: "The End of SSL and SSH?"

[Adrian Close <adrian () ESEC COM AU>]

On Wed, 20 Dec 2000, Kurt Seifried wrote:

> The main point of the article was to let people know that SSL and SSH
> are far from perfect, in fact I think they are pretty poor because
> they rely so heavily on the end user (usually the weakest link). This

* Security fundamentally relies on people, not technology.  The technology
is a means to an end.

No amount of security software (SSL, SSH, DNSSEC, PKI or whatever) is
going to help if the people involved don't take on security conscious
behaviours.  Conversely, used appropriately, these tools are excellent
aids to implementing effective network security.

This is almost certainly not news to anyone on the list, but probably
worth pointing out at this juncture.  I also think it's worth preaching to
the unsuspecting public so they might have a chance of achieving some
reasonable level of security.


Adrian Close                                    email:  adrian () esec com au
Network Architect                               phone:  +61 3 8371 5300
eSec Limited                                    fax:    +61 3 8371 5399
"Protecting your e-business..."                 web:    http://www.esec.com.au