Security? Don’t bother until it’s needed, says RFC
All-or-nothing approaches to security are part of what’s making it so hard to achieve acceptable protection, a new RFC suggests.
Written by Viktor Dukhovni of Two Sigma, RFC 7435 argues that the way current systems fail discourages good security. A binary failure – if two peers in a conversation don’t have the same capabilities, the connection fails – can result in users avoiding encryption, for example, because it’s too inconvenient, or in administrators switching it off because user problems are too frequent.