For want of a single ethernet card, an airport was lost ...
Paul Ferguson
fergdawg at netzero.net
Tue Aug 21 03:48:13 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -- "Stephen Sprunk" <stephen at sprunk.org> wrote:
>Such secondary procedures are okay in the banking world, where you can
>back
out transactions that an audit reveals are fraudulent after the fact. The
same does not apply to letting persons across a border where you can't
retroactively deny them entry after they've killed a bunch of people (and,
most likely, martyred themselves). It's the same problem with voting
systems, actually: the anonymity requirements mean all security hinges on
making sure only authorized people vote, and only once at that; you can't
back out fraudulent votes after they're cast, which is why all of the
attacks are on the authorization system and being undetected in an audit
doesn't matter.
>
It does matter.
Unfortunately, find ourselves in a position where easy business
decisions allow people to make very bad technical decisions, and
put the integrity of their network security directly in the path of
"test".
"Test" is not a good business decision, because if there is
a possibility where things can be compromised, generally they will be.
We (collectively) have done a very fine job of delivering
functionality first, and security secondly.
That puts most of us in the position of the 'Little Dutch Boy',
with our finger in the security dike.
So, having said all that, it's pretty difficult to figure out
where the problems and solutions actually meet.
We're actually at a very difficult cross-roads right now.
Cheers,
- - ferg
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)
wj8DBQFGymB3q1pz9mNUZTMRAssqAJ4+J5jhtDoFWO81cjSvZ9JXArTMqgCguyzL
R3oyka3IzcgVPtiFaYNOUUo=
=2oUE
-----END PGP SIGNATURE-----
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/
More information about the NANOG
mailing list