North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: Carnivore Update - Public Does Not Care
> From: Quark Physics [mailto:[email protected]] > Sent: Sunday, November 26, 2000 6:43 AM > > > extra trouble to install it. The proof is the market > penetration of PGP. > > Only the geeks tend to use it and SSH is only used by SA > geeks. The general > > market DOESN'T CARE! The following parallels what our marketing department found out (after launch, unfortunately <sigh>). > We see roughly several levels of clients: > > 70% - "Huh? We're secure, only I have the root password" > (actual quote) > > 10% - Encryption is hard, how about we ZIP the file we send via FTP? > (not bad, it helps...) These guys, 80% of the market, will not pay for it either. They will not buy software packages and they will not buy services either. They don't see a problem. Can we say "myopic"? > 10% - SSL encrypted XML posts. > > 5% - SCP (SSH) file transfer, known keys on each side + passwords. This last 15%, are mostly self-serve and actually know that there is a problem. But, they wont puchase, they don't need to, they're self-serve. This is where most of us, on this list, fall. > 5% - Hardware encryption, leased line, keys for hardware encryption > and passwords delivered in seperate parts by different people > after identity verification. No physical connections to gateway > systems. (Federal Reserve, Chase Manhatten Bank...) The unknown tier, many of them are banks where minimum security is a regulatory thing. It's a part of doing business. I'm not sure, that if left to their own devices, that they wouldn't join the majority in in their apathy. > Until real data encryption is built into the Operating Systems and all > software... --mike-- As long as we have Federal Export restrictions, on encryption products, this will continue to be an optional add-on (Win2K high-encryption pack ain't that bad. But, it is an add-on, one has to use the update service to install it).
|