security

[Alaric Dailey]

Nothing is completely secure, but designed to be secure from the beginning?


SSH springs to mind
SILC is new so it isn't widespread
NET remoting (also fairly new but catching on fast)
IPSec (this one is kind of cheating as it was a new solution to an existing
problem and replaces the poorly done original solution)
Tor 

  

-----Original Message-----
From: Scott Kveton [mailto:scott at janrain.com] 
Sent: Monday, October 23, 2006 10:21 AM
To: Alaric Dailey; James A. Donald
Cc: general at openid.net
Subject: Re: security

> Or SMTP, or POP3 or IMAP or the failed SSL encryption that was built 
> into 1 version of AIM.
> 
> Same story.

Can folks give me an example of something that was comopletely secure from
day one and that got wide-spread adoption?

- Scott



> -----Original Message-----
> From: James A. Donald [mailto:jamesd at echeque.com]
> Sent: Monday, October 23, 2006 7:08 AM
> To: Scott Kveton
> Cc: Alaric Dailey; general at openid.net
> Subject: Re: security
> 
> Scott Kveton wrote:
>> I'm not saying we shouldn't secure this technology.
>> Its absolutely critical.  However, I believe "simple  > and open" 
>> need to
> come first to aid in adoption and  > more importantly for us to figure 
> out how users are  > going to use this technology.  There are lots of 
> great  > technologies out that are completely secure but  > utterly 
> useless for end-users.
> 
> Consider the story of SSH.
> 
> SSH has one mode, and that mode always secure.  Telnet had two modes, 
> regular telnet, and telnet over SSL.
> Telnet over SSL was arguably as secure, in some important ways more 
> secure, than SSH, but no one every managed to get telnet over SSL 
> working.  Everyone always defaulted to the default (insecure) mode, 
> and so everyone adopted SSH, because it was a lot simpler to be secure 
> over SSH, than to use a protocol that was basically insecure, with 
> security cumbersomely cobbled onto it.
> 
>