security
Scott Kveton
scott at janrain.com
Mon Oct 23 15:21:01 UTC 2006
> Or SMTP, or POP3 or IMAP or the failed SSL encryption that was built into 1
> version of AIM.
>
> Same story.
Can folks give me an example of something that was completely secure from
day one and that got wide-spread adoption?
- Scott
> -----Original Message-----
> From: James A. Donald [mailto:jamesd at echeque.com]
> Sent: Monday, October 23, 2006 7:08 AM
> To: Scott Kveton
> Cc: Alaric Dailey; general at openid.net
> Subject: Re: security
>
> Scott Kveton wrote:
>> I'm not saying we shouldn't secure this technology.
>> It's absolutely critical. However, I believe "simple and open" need to
>> come first to aid in adoption and more importantly for us to figure out
>> how users are going to use this technology. There are lots of great
>> technologies out that are completely secure but utterly useless for
>> end-users.
>
> Consider the story of SSH.
>
> SSH has one mode, and that mode is always secure. Telnet had two modes,
> regular telnet, and telnet over SSL.
> Telnet over SSL was arguably as secure, in some important ways more secure,
> than SSH, but no one ever managed to get telnet over SSL working. Everyone
> always defaulted to the default (insecure) mode, and so everyone adopted
> SSH, because it was a lot simpler to be secure over SSH, than to use a
> protocol that was basically insecure, with security cumbersomely cobbled
> onto it.
>
>