Paul Ferguson <ferguson @
cisco .
com> wrote:
> Having said that, I become less and less convinced that firewalls
> make much of a difference in the long run, and in the grand scheme
> of things, they are only a small fraction of the evolving technology
> of the overall security architecture. Pervasive encryption and a
> sound key-management infrastructure is truly the direction in which
> we, as an industry, need to move full steam ahead.
Crypto gets you no benefit until you first have physical security
then OS security. I don't see the need for firewalls diminishing.
Each component has its contribution to bring.
Bruce Schneier has a PostScript presentation (55 pages) on
www.counterpane.com from the "Beyond HOPE" meeting in New York last month.
It's big on the limitations of crypto, and even hyperbolates:
"If you think cryptography can solve your problem, then you don't
understand your problem and you don't understand cryptography."
As for the undoubted benefits of crypto - bend the ears of your gub'mint
representatives for no further restrictions, and no government-supplied
"infrastructures".
Any specifics in mind when you say "full steam ahead" ?
(Authenticated DNS can't come too soon.)
--
##############################################################
# Antonomasia ant @
notatla .
demon .
co .
uk #
# See http://www.notatla.demon.co.uk/ #
##############################################################
Follow-Ups:
|
|
