IETF Journal: Security Protocol Failures

["Paul Ferguson" <fergdawg () netzero net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Phillip Hallam-Baker writes in The IETF Journal (Volume 3
Issue 3 - December 2007):

[snip]

The Internet is insecure, so what went wrong? Contrary to widely held
belief, the reasons for Internet security protocol failure are not
primarily technical. Failure to understand the risk model and to meet the
actual user requirements are much more significant causes of security
failure.

The economics of security protocol deployment and security usability
engineering are also key: a protocol might as well not exist if it is not
used.

[snip]

Much more here:
http://www.isoc.org/tools/blogs/ietfjournal/?p=176

Very much worth a read.

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFHxJrxq1pz9mNUZTMRAj7jAJ9H9JOYKC4ihMSzxMtnokbkGm46cwCfQ0te
dOlYuPdTmfzQWNk0Eeds34Y=
=XQAR
-----END PGP SIGNATURE-----



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.