Security Top Concern for New IETF Chair

← Back to Stories (view on slashdot.org)

Security Top Concern for New IETF Chair

Posted by CowboyNeal on Saturday July 28, 2007 @03:13AM from the into-the-hot-seat dept.

BobB writes "New IETF chair Russ Housley speaks out about bolting security on after the fact, the prospects for IPv6 and a new security technology called Hokey that could help safeguard wireless and wired networks."

3 of 54 comments (clear)

Min score:

Reason:

Sort:

Huh? by khasim · 2007-07-28 03:26 · Score: 3, Insightful

Do IETF participants have the will to go back and fix insecure parts of the Internet? For example, everyone knows about the lack of security in HTTP, but there seems little will within the IETF to fix the HTTP authentication problem.

That's because in the case of HTTP, and I suspect in many others, there's little agreement about what's the most important security feature to add. When you say that we'll just fix the most egregious things, then you get into an argument about where to draw the line. In the case of HTTP, the biggest concern is authentication and that is primarily solved by [Transport Layer Security]. Why not mandate TLS? That's a very good question.

Why "mandate" anything? People who want to run a site with encrypted communications CAN run a site with encrypted communications. Come on people! HTTPS.

Pretty much a fluff piece. It seems that the interviewer only had some buzzwords and a vague feeling that something was somehow insecure.
1. Re:Huh? by caluml · 2007-07-28 03:28 · Score: 4, Insightful
  
  I think a large part of why more people don't use HTTPS is because a:, the certificate problem, and b:, the fact you can't use named based virtual hosts if you do.
  
  --
  Get your own free personal location tracker
The best of Verisign AND the NSA!! by Anonymous Coward · 2007-07-28 03:52 · Score: 1, Insightful

Housley: "VeriSign is giving me a check a month, and the National Security Agency is paying my travel costs. "

What could go wrong here?