MemeStreams Discussion



This page contains all of the posts and discussion on MemeStreams referencing the following web page: Interview with Marcus Ranum. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.

Interview with Marcus Ranum
by Acidus at 10:42 am EDT, Jun 22, 2005

I don't think that the standards committees underestimate security threats; I just think they're too busy doing things that are more important to them -- like holding meetings and writing minutes

Awesome interview. The gist of it is:
-Security sucks because CTOs don't understand proper security, or fail to implement policies because of office politics

-The thumb is *up* the ass. Network security issues have largely been understood since the late 80s. We keep dicking around ever reinventing the encrypted tunnel instead of working on complex and interesting problems.

-IETF and other bodies are so packed with commercial stooges that they are being ineffective.

-Security is a design, not an add-on. It must exist on all levels. Network security is pointless without host security. Security cannot exist only in layers 3 and 4. It must include the application!

-The popularity of computers and the Internet is what's killing the industry. Too many uneducated people use it, so most companies are too busy selling them stuff to improve the quality/security of their products. (i.e., Microsoft's user-friendly GUI instead of controlled execution of code).


 
RE: Interview with Marcus Ranum
by Decius at 12:23 pm EDT, Jun 22, 2005

Acidus wrote:
We keep dicking around ever reinventing the encrypted tunnel instead of working on complex and interesting problems.

Such as...

My thoughts on this interview:
1. He is sort of wrong about IPv6. The larger address space makes it harder for worms to propagate.
2. Everything he says about the IETF is right on.
3. The future of network security is in the switch.
4. Interconnecting everything on the internet was not a "dumb idea." Connectivity is more important than security. Focusing on only allowing things that are OK doesn't really work. The minute somebody needs to do something and it's not on your list of things you've permitted, you're fired.


 
 