On 4/20/21 01:46, bzs@theworld.com wrote:
If they want to protect trillions of dollars in assets maybe they need to toss in a few billion to help, and stop hoping some bad press for the technical community will shame some geniuses into dreaming up better security for them mostly for free in terms of research and specs and acceptance but that's the hard part.
You know what the net did successfully produce, over and over? Some of the wealthiest individuals and corporations etc in the history of civilization. Maybe the profit margins were a little too high and now we're paying the price, or someone is.
For the most part, services that (want to) rely on security are providing their own security solutions. But they are bespoke, and each one is designing and pushing out their own solution in their own silo. So users have to contend with a multitude of security ideas that each of the services they consume come up with. Standardization, here, would go a long way in fixing much of this, but what's the incentive for them to all work together, when "better security" is one of their selling points? If, "magically", the Internet community came up with a solution that one felt is fairly standard, we've seen how well that would be adopted, a la DNSSEC, DANE and RPKI. At the very least, the discussions need to be had; but not as separate streams. Internet folk. Mobile folk. Telco folk. Service folk. Mark.