I have a hammer.  

It's been driving nails just fine for twenty years.  It's a first-rate
hammer, for which I paid top dollar.  It's a really useful tool.  But when I
try to open beer bottles with it, I end up with glass splinters in my beer.
What gives?  

As has been pointed out many times in many ways, the Internet was not
originally designed as a secure network, nor for many of the other tasks we
now wish it to perform.  Should we have implemented something in another
way?  Moot question, we have what we have.  Should we learn from our
mistakes, and when we can see something that appears to be yet another
mistake (no matter how appealing it is as a "quick fix"), avoid making that
mistake?  

We clever, clever engineers have come up with a number of interesting
"solutions" (workarounds?) for the limitations of the network we have
created.  Some of them are, in the long run, not good ideas, although they
are useful as interim solutions.  Some of them are just too violent to the
rules of the game as they are defined (by us!), and/or establish technical
or process precedents that are too dangerous to be allowed.  

-- Ian King

-----Original Message-----
From: Paul Francis [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 07, 2000 12:13 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: Re: recommendation against publication of draft-cerpa-necp-02.txt


>  
>  In my 20+ years of security experience in the Internet community, it 
>  has often been the arguments for the need to make do with existing 
>  features or to adopt quick fix solutions that have retarded the 
>  deployment of better security technology.  In retrospect, this 
>  approach has not served us well.
>  

I have a time machine.

I just went back 20 years in time, convinced everybody that it
was always more important to implement proper security than to
make do with existing features and quick fix solutions.  Having
thus changed the future, I went back forward in time.
Guess what---there was no internet!

PF
