security

[James A. Donald]

     --
Scott Kveton wrote:
 > Exactly!  This is my point.  Just like the web was
 > originally only a novelty, over time, it developed the
 > tools and services needed to do commerce and comply
 > with government regulations.

Except that it is not working - as you can tell when you
open your mailbox and it is full of phishing spam.

Repeating once again the message from the authors of
"Practical Cryptography"

: :    Systems can rarely be developed from scratch, and
: :    often need to be secured incrementally or after
: :    development.  Systems need to be backward
: :    compatible with existing insecure systems.  Both
: :    of us have designed many security systems under
: :    these constraints, and we can tell you it is
: :    practically impossible to build a good security
: :    system that way

The example of SSH tells us that it is hopeless to try
to make secure use compatible with existing insecure
use.  Instead, those who do not need security have to be
compatible with those that do.


     --digsig
          James A. Donald
      6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
      kenmJWn8CUOHmIDMrqbyPkWfuAdL9b563c73Grhu
      48+GRrEha19nGV3ZQHMpb4RUv8a7USAbOhqY/lxmQ