Interesting People mailing list archives
more on U.S. should fund R&D for secure Internet protocols, Clarke says
From: Dave Farber <dave () farber net>
Date: Fri, 01 Nov 2002 10:55:40 -0500
------ Forwarded Message
From: "Steven M. Bellovin" <smb () research att com>
Date: Fri, 01 Nov 2002 10:51:33 -0500
To: dave () farber net
Cc: ip <ip () v2 listbox com>
Subject: Re: <[IP]> U.S. should fund R&D for secure Internet protocols, Clarke
says
I'm glad to hear that the govenrment wants to secure the Internet. And
I agree that the DNS and BGP need securing -- I wrote some of the
earliest papers descring attacks based on those. But for the most part,
they're aiming at the wrong targets.
*The* biggest security problem we have is buggy code. A National
Reseach Council committee (I was a member of it) noted in 1999 that 85%
of CERT advisories to that point were for problems that couldn't be fixed
with crypto.
Yes, we need to design security into our protocols. As one of the
Security Area directors for the IETF, I spend a lot of time making sure
that protocols do have the proper security. But that's the easy part.
I can wave my magic wand and deploy crypto everywhere. I don't have a
big enough wand to fix all the bugs.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com ("Firewalls" book)
------ End of Forwarded Message
-------------------------------------
You are subscribed as interesting-people () lists elistx com
To unsubscribe or update your address, click
http://v2.listbox.com/member/?member_id=125275&user_secret=1aa8f2d6
Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on U.S. should fund R&D for secure Internet protocols, Clarke says Dave Farber (Nov 01)
- <Possible follow-ups>
- more on U.S. should fund R&D for secure Internet protocols, Clarke says Dave Farber (Nov 01)
