ietf

Re: 10 years and no ubiquitous security

2002-03-19 07:10:02
At 10:18 AM 3/18/2002 -0600, Steven M. Bellovin wrote:
In message <3C93EEA3(_dot_)28833ABD(_at_)greendragon(_dot_)com>, William Allen Simpson writes:
"The Purple Streak (Hilarie Orman)" wrote:
...

But Bill, I'm trying to understand what your point is.  We can't force
people to use security.  IPsec is standard in most major business
operating systems (Win2K, Solaris, *BSD, etc.) and available for
Linux.  There are hardware solutions -- I have a small IPsec box with
me in Minneapolis.  But except for VPN scenarios, most people choose
not to use it.  I think there's a lesson there, but I fail to see how
Steve Kent or any of the other players in the history of IPsec are at
all at fault.


At last call several years ago I detailed my misgivings about
the design.  However since so many talented people had already put
years of work into it I also wrote that the market must decide its
fate. It seems to have decided: IPsec has settled into a fairly modest
VPN market niche ($200M/yr revenues or so?). It is not turned on by
(or not available on) at least 99% of the Internet hosts.

I guess the $64 question is whither do we go now with IPsec?
1. Do we do significant surgery on it and muddle on?
2. Do we stop working on it and start over with a fresh design?
   (Besides VPN what other pressing problem needs a solution?)
3. Do we give up? (Or at least be satisfied with a VPN only solution.)

I'm a little amazed that IPsec has had as much success as it has had
to date.  I've seen so many other secure IETF protocols die much more
quickly; SNMPSEC, PEM, SHTTP, etc.

- Alex


--

Alex Alten
Alten(_at_)ATTBI(_dot_)com


