security
James A. Donald
jamesd at echeque.com
Mon Oct 23 12:08:19 UTC 2006
Scott Kveton wrote:
> I'm not saying we shouldn't secure this technology.
> It's absolutely critical. However, I believe "simple
> and open" need to come first to aid in adoption and
> more importantly for us to figure out how users are
> going to use this technology. There are lots of great
> technologies out that are completely secure but
> utterly useless for end-users.
Consider the story of SSH.
SSH has one mode, and that mode is always secure. Telnet
had two modes, regular telnet, and telnet over SSL.
Telnet over SSL was arguably as secure, in some
important ways more secure, than SSH, but no one ever
managed to get telnet over SSL working. Everyone always
defaulted to the default (insecure) mode, and so
everyone adopted SSH, because it was a lot simpler to be
secure over SSH, than to use a protocol that was
basically insecure, with security cumbersomely cobbled
onto it.