Tuesday, February 26, 2008

IETF Journal: Security Protocol Failures

Phillip Hallam-Baker writes in The IETF Journal (Volume 3 Issue 3 - December 2007):

The Internet is insecure, so what went wrong? Contrary to widely held belief, the reasons for Internet security protocol failure are not primarily technical. Failure to understand the risk model and to meet the actual user requirements are much more significant causes of security failure.

The economics of security protocol deployment and security usability engineering are also key: a protocol might as well not exist if it is not used.

Much more here.

0 Comments:

Post a Comment

<< Home