Phillip Hallam-Bakerwrote:
...
The reason I keep coming back to the data level security issue is that
1) It is in scope for IETF. Data level security protects data at rest and
in motion.
2) There have been recent expiries and are imminent pending expiries
of key IPR that makes a solution much easier.
Clearly that statement is self-contradictory. If the IPR has existed long
enough to be at expire, the 'easier solution' has existed for a long time. The
choice of not using it is simply a cost issue. If people don't believe
protecting the data is worth the cost, the data will be exposed.
3) It is one of the things we can fix that has the greatest security payoff.
You can "improve" it, but you will never "fix" it. As long as humans have to
interact with the data, there has to be a mechanism to expose the data, and
that mechanism will always be vulnerable to compromise.
Tony