At 12:07 -0700 02-08-03, Paul Hoffman / IMC wrote:
Seven years ago, I would have agreed with you. Having seen
the repeated failure of the apps folks and the security
folks to get even reasonably close to this goal, I'm very
skeptical. Having said that, I would bow deeply to anyone
who designs and deploys such a system.
It is very surprising and disappointing that application
layer security standards are not successful. This is
related to another area, micropayments, which also
has not been successful.
I am not a security expert and do not understand why.
Possible causes could be:
- Competing standards where unity is needed.
- Too complex and expensive standards.
- Maybe existing standards do not solve the right problem.
(For example protection of body, when protection of
heading is more needed.)
- Difficulty of establish a trusted key distribution
scheme giving everyone, not only a few large servers,
access to keys.
- Viruses and worms threaten keys stored in personal
computers, and smart cards (which possibly might
solve this problem) has not been successful because
of the extra cost or lack of standards.
--
Jacob Palme <jpalme(_at_)dsv(_dot_)su(_dot_)se> (Stockholm University and KTH)
for more info see URL: http://www.dsv.su.se/jpalme/