How to fix the Internet

Posted by Ken Y-N on May 19th, 2008 at 02:34pm

I thought this was an excellent article by Roger Grimes on the challenges to be faced in making the internet more secure; quite frankly it would be hard to make it less secure these days, what with reports just this week alone of an XSS attack on PayPal and Debian (and Ubuntu) pumping out utterly insecure passwords due to a two-year-old bug.

He came back from the recent RSA and Interop conferences with his head filled with Microsoft’s End to End Trust proposals and the Trusted Computing Group’s Trusted Network Connect Workgroup’s IF-MAP (Interface for Metadata Access Point) protocols, and saw how they could work together to realise a new, better internet.

He has written a very detailed white paper called Fixing the Internet which is well worth a read. To implement it all it needs is:

It will require two major Internet infrastructure changes. First, it will require a global, Internet security “dream team” to meet and solve the problems. Second, it will require a new global Internet security infrastructure service to handle the dream team’s global initiatives.

That’ll be easy.

He got a lot of positive feedback, and just as much negative feedback. The main complaint, not surprisingly, was that the solution destroys personal privacy. The defense is that that is by design. The more detailed defense is that privacy is not a black and white solution:

Further, my solution doesn’t require that you give up privacy. It only requires that you give up privacy to interact in the most optimal way with a destination that also requires that you give up your anonymity, but only during a transaction requiring it.

It’s all very thought-provoking stuff; read the original post at InfoWorld here, and the followup here.

Tags: infoworld