On 7/1/10 6:36 PM, Mike Schwartz wrote:

Interesting take on PKI and security

http://www.schneier.com/paper-pki-ft.txt

a favorite take-away quote, from it:

"[...] security is very difficult, both to understand and to implement. "

The biggest problem with security is that most (nearly 99%) do not understand it,
the reasons for it or how to implement and use it. Those few that do can largely be counted
as a very small number (less than 1,000) in the entire field and a lot of them spent
years leaning how.

I personally know enough to know I *really* don't know nearly enough (and perhaps just enough to
keep the honest people honest and that's about it).

as for the 2 models presented, each has its own Achilles heal.