> I would rather say that the task of designing the access control
> of a complex system interacting with many different subjects is too
> complicated to be left to the programmer only.
> Are the security problems we are dealing with on the Internet really
> all about lack of enough encryption? Will IPSEC/CFS/PGP/PEM whatever
> solve the problems, given that those "sloppy programmers" code the
> right way.
> I believe the margin for error is too small in the task of programming
> today. An overrun buffer is quite easy to miss.
I disagree.. If you make a habit of checking all strings for length, you
never overrun.. I don't think that encrypting everything will make that
much difference, unless you want to be on the net for a status symbol,
and not actually do anything (are you gonna encrypt everything to sendmail
and not tell anyone the keys? if so, why not just disable sendmail?)..
Encryption is also not the answer for everyone.. What about the public
web servers.. Are they gonna encrypt and not let anyone on? It would
be a waste of money to have the pages..
There seem to be 2 major holes that are recurring.. Overrun buffers,
and people not checking inputs (race conditions pop up every now and again too
but I think that they are less).. The checking inputs is easy.. Always
check, and double check anything that comes from an outside source..
The buffers are easy too.. Always check, and disregard anything that is too
long (possibly reporting an error too)..
> I think one should look at how to mediate the access control
> information within the process in a consistent and failproof way
but again, not everyone is a super secret company, some people are actually
running public servers and by definition allow everyone on..
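The "always check, and disregard anything that is too long (possibly reporting an error too)" rule from the reply, written out in C as an added example that is not part of the original thread. The buffer size, the return codes and the `accept_username` consumer are assumptions made for the illustration; the point is that input which does not fit a fixed-size field is rejected and reported, never silently truncated or copied unchecked.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16  /* capacity of the destination field, including the NUL */

/* Return codes for bounded_copy() (hypothetical names for this example). */
enum { COPY_OK = 0, COPY_TOO_LONG = -1, COPY_BAD_ARG = -2 };

/*
 * Copy an untrusted, possibly unterminated string of at most src_len bytes
 * into dst (capacity dst_cap). Input that does not fit is rejected outright
 * rather than truncated, and the caller receives an error code it can log.
 */
int bounded_copy(char *dst, size_t dst_cap, const char *src, size_t src_len)
{
    if (dst == NULL || src == NULL || dst_cap == 0)
        return COPY_BAD_ARG;

    /* memchr never reads past src_len, so an unterminated buffer is safe here. */
    const char *end = memchr(src, '\0', src_len);
    size_t n = end ? (size_t)(end - src) : src_len;

    /* Need room for n bytes plus the terminating NUL. */
    if (n >= dst_cap) {
        dst[0] = '\0';            /* leave dst in a defined state */
        return COPY_TOO_LONG;
    }
    memcpy(dst, src, n);
    dst[n] = '\0';
    return COPY_OK;
}

/* Example consumer: accept a username only if it fits the fixed-size field. */
int accept_username(const char *input, size_t input_len)
{
    char name[NAME_MAX];
    int rc = bounded_copy(name, sizeof name, input, input_len);
    if (rc != COPY_OK) {
        fprintf(stderr, "rejected input of %zu bytes (limit %zu)\n",
                input_len, sizeof name - 1);
        return 0;
    }
    printf("accepted user '%s'\n", name);
    return 1;
}

int main(void)
{
    /* Constructed sample inputs: one that fits, one oversized and unterminated. */
    char big[64];
    memset(big, 'A', sizeof big);
    accept_username("alice", 5);
    accept_username(big, sizeof big);
    return 0;
}
```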