[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Subject: [IP] more on U.S. should fund R&D for secure Internet protocols, Clarke says
------ Forwarded Message
From: "Steven M. Bellovin" <smb@research.att.com>
Date: Fri, 01 Nov 2002 10:51:33 -0500
To: dave@farber.net
Cc: ip <ip@v2.listbox.com>
Subject: Re: <[IP]> U.S. should fund R&D for secure Internet protocols, Clarke
says
I'm glad to hear that the govenrment wants to secure the Internet. And
I agree that the DNS and BGP need securing -- I wrote some of the
earliest papers descring attacks based on those. But for the most part,
they're aiming at the wrong targets.
*The* biggest security problem we have is buggy code. A National
Reseach Council committee (I was a member of it) noted in 1999 that 85%
of CERT advisories to that point were for problems that couldn't be fixed
with crypto.
Yes, we need to design security into our protocols. As one of the
Security Area directors for the IETF, I spend a lot of time making sure
that protocols do have the proper security. But that's the easy part.
I can wave my magic wand and deploy crypto everywhere. I don't have a
big enough wand to fix all the bugs.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com ("Firewalls" book)
------ End of Forwarded Message
-------------------------------------
To unsubscribe or update your address, click
http://v2.listbox.com/member/?member_id=125275&user_secret=1aa8f2d6
Archives at: http://www.interesting-people.org/archives/interesting-people/
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Powered by eList eXpress LLC