The problem is that a) of course the security folks cannot do all
the security
development, but b) they have almost entirely failed to provide the
rest of us
with the tools and guidance we need. Pure "education" about
security issues is
not enough. We need things that are much more applied.
Dave,
I think this begs the question of whether currently known and
deployable security technologies are actually adequate to the task of
securing our networks and networked protocols. I don't mean this to
sound flippant, but it's not clear to me that they are adequate.
If nothing else, it seems that the diverse and growing set of threats
in the Internet environment, coupled with exponential increases in
CPU speed per unit cost, force us to teeter on the "bleeding edge" of
security technologies - with most users and providers unable to stay
balanced on that edge and falling victim to frequent attack.
At any rate, the problem might not be so much a lack of easy-to-use
tools and guidance as a lack of technology.
Keith
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf