On 20-jul-2005, at 18:35, Hallam-Baker, Phillip wrote:
Thus far law enforcement outside the US have arrested and prosecuted
considerably more suspected Internet criminals than the US.
This may come as a surprise to you, but the rest of the world is
actually larger than the US. (Oh wait, there I go with that dreaded
sarcasm. Sorry.)
I am sure the majority of the people in this forum would prefer to
look
at ways of securing the Internet to protect against the real internet
criminals stealing pensioners' life savings
???
How can you secure a communication channel against crime in general?
If you expect the IETF to stop pensioner savings stealing, you're
setting yourself up for a big disappointment.
The end-to-end absolutist approach to Internet security has been
attempted in this forum for 20 years. The results do little to
recommend
the theory. There is not one example of successful deployment of
system
built to that architecture. By deployment here I mean used, not simply
shelfware.
SSL is far from perfect, but I wouldn't say it's shelfware. It allows
consenting hosts to secure themselves against men in the middle and
eavesdroppers without aid from the network. E2e in its purest form,
I'd say.
It is time to consider the possibility that alternative approaches
might
be valid at the very least.
Such as?
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf