These can accomplish something similar, except more secure and hide the entire address, not just the port. In fact they likely provide the same level of one-time usage without requiring any special clients. Clients merely need to know a secret, fixed DNS name. Of course everyone would have to use IPv6 and there aren't any practical applications available yet.
It's already been proven that the commercial sector has a great deal of difficulty with security
You are claiming government security is better? Unless it is run directly by the NSA, it probably won't be much better in that respect. The dept of Homeland Security is running on M$.
You can get a cert right now without paying a rediculous fee. You can create your own CA right now. Your friends can sign your CA certificate and create a web of trust. As you begin to trust your friends more, you can stop trying to filter their incoming connections for spam, and focus on mail from people outside of your web. If the major ISPs formed a partnership in this way, then mail from their systems would at least be authenticated, and there wouldn't be a single root, owning the responsibility of all email users on the planet.
The only reason you think you have to pay that now is because VeriSign has a monopoly, and they have convinced everyone that the only way to become trusted is to register with them. They should be sued under anti-trust and broken up. We have laws against monopolies in this country you know.
However, by leaving it in commercial hands, there is at least the option of splitting up the task. Putting all that power in one place is extremely dangerous, no matter where it is. Giving the government more power of this right now is just stupid if you ask me. That is, so long as we continue to elect tyrants.
Now, I agree the process behind it should be open. Perhaps government regulation of a number of private entities would be a middle ground? Sorta FDIC-style?
since once the issuer has issued the certificate, he doesn't have to protect any part of it himself
Uh, reality check. The issuer has to diligently protect its private key(s), and the keys that he receives from clients during transactions. Both from hacking into machines that store it, and from people cracking it on their own time. Public key isn't always as secure as most people believe.
And this doesn't even address people's ability to impersonate others while signing up for that cert. Or having a good process in place to revoke certificates when machines are compromised. Or making sure that certificates can't be revoked by third parties posing as the client. Or...
Honestly, putting this in government hands sounds a lot like advocating national ID numbers. It looks good on the surface, but the modes of failure could be catastrophic.
Besides, the average user has no need to be accessible from any other machine, and especially not from outside the local network. Use NAT, separate users from each other, and be done with it.
Yeah, that'd be great.
I'd create a wonderful place for college students to learn about sysadmin, experiment with networking protocols and just generally feel like they have the freedom to express themselves. Or maybe not.
Until there is a benefit, why expend the resources.
There are plenty of benefits to IPv6 beyond the number of addresses.
The problem is, most people haven't gotten off their ass and learned about them, so they only see the most obvious benefit.
Take a look at it sometime. Improved security (integrated IPSEC), faster routing, easier load-balancing (anycast), and link-local autoconfiguration are all nice features. I am no networks expert, but even I was drooling when I read into IPv6 and learned of these features.
Slashdot Mirror
These can accomplish something similar, except more secure and hide the entire address, not just the port. In fact they likely provide the same level of one-time usage without requiring any special clients. Clients merely need to know a secret, fixed DNS name. Of course everyone would have to use IPv6 and there aren't any practical applications available yet.
Info here.
Once you get that SQL-injection exploited, check out the XSS on the login form.
After they fix the injection, kick off some nasty HTML emails to the members and harvest their new passwords. =)
It's already been proven that the commercial sector has a great deal of difficulty with security
You are claiming government security is better? Unless it is run directly by the NSA, it probably won't be much better in that respect. The dept of Homeland Security is running on M$.
You can get a cert right now without paying a rediculous fee. You can create your own CA right now. Your friends can sign your CA certificate and create a web of trust. As you begin to trust your friends more, you can stop trying to filter their incoming connections for spam, and focus on mail from people outside of your web. If the major ISPs formed a partnership in this way, then mail from their systems would at least be authenticated, and there wouldn't be a single root, owning the responsibility of all email users on the planet.
The only reason you think you have to pay that now is because VeriSign has a monopoly, and they have convinced everyone that the only way to become trusted is to register with them. They should be sued under anti-trust and broken up. We have laws against monopolies in this country you know.
However, by leaving it in commercial hands, there is at least the option of splitting up the task. Putting all that power in one place is extremely dangerous, no matter where it is. Giving the government more power of this right now is just stupid if you ask me. That is, so long as we continue to elect tyrants.
Now, I agree the process behind it should be open. Perhaps government regulation of a number of private entities would be a middle ground? Sorta FDIC-style?
since once the issuer has issued the certificate, he doesn't have to protect any part of it himself
Uh, reality check. The issuer has to diligently protect its private key(s), and the keys that he receives from clients during transactions. Both from hacking into machines that store it, and from people cracking it on their own time. Public key isn't always as secure as most people believe.
And this doesn't even address people's ability to impersonate others while signing up for that cert. Or having a good process in place to revoke certificates when machines are compromised. Or making sure that certificates can't be revoked by third parties posing as the client. Or...
Honestly, putting this in government hands sounds a lot like advocating national ID numbers. It looks good on the surface, but the modes of failure could be catastrophic.
Rpm with apt is just as good as deb with apt.
BZZT. Wrong. Debian packages have recommends, suggests, and a whole host of things that RPMs don't, which makes dependency resolution easier.
Not to mention the strict policy debian has wrt to packaging... which is probably the biggest reason debs are easier to manage than rpms.
Besides, the average user has no need to be accessible from any other machine, and especially not from outside the local network. Use NAT, separate users from each other, and be done with it.
Yeah, that'd be great.
I'd create a wonderful place for college students to learn about sysadmin, experiment with networking protocols and just generally feel like they have the freedom to express themselves. Or maybe not.
Post again when you get a clue.
Until there is a benefit, why expend the resources. There are plenty of benefits to IPv6 beyond the number of addresses. The problem is, most people haven't gotten off their ass and learned about them, so they only see the most obvious benefit. Take a look at it sometime. Improved security (integrated IPSEC), faster routing, easier load-balancing (anycast), and link-local autoconfiguration are all nice features. I am no networks expert, but even I was drooling when I read into IPv6 and learned of these features.