On Tue, Dec 10, 2013 at 7:31 AM, Jari Arkko
<jari(_dot_)arkko(_at_)piuha(_dot_)net> wrote:
Au contraire. I like security. I recognise the need for security, and am
glad it exists.
I'm just not a big fan of people who demand security where it is not
needed, and who prioritise security above all other aspects of protocol
design, which are dismissed as unimportant and are neglected as a result.
Perhaps it might be easier to discuss this if we all recognised that it is
a question of tradeoffs. (But as Phillip correctly noted, the world
changes, perceptions changes, new information comes available, and today's
tradeoffs may be different from yesterdays.)
What else do we really need to do?
I don't see reducing the load time of a HTTP page by a few milliseconds to
be a higher priority, though the browser providers have always disagreed
with me on that.
The real tradeoff comes in implementation quality. Most IETF security
protocols have been considered to be checklist items. They are features
that are supported only to the extent necessary to claim support. So
Windows and Mac both support IPSEC VPN but the native implementation has a
rubbish user interface.
--
Website: http://hallambaker.com/