Security is a very interesting problem. It has both applied and blah blah blah.
What I mean to say is that it has cool math and some interesting social implications. The whole network security “problem” arises from the fact that we want to keep things private, and that the networking systems were designed inside an academic culture of trust. This kind of hearkens back to an e2 node I wrote (Learn to Program: Philosophies of Coding), but I think it’s also useful to analyze systems and think about what we want. What problems do we face where our underlying thought patterns might be wrong and getting in the way?
We often think about systems as “granting access”. I contend that the real problem is not “granting access”, but is instead “denying access”. If we keep thinking about the problem as one of giving access to a person rather than “how to deny the rest of the world access”, then I contend our systems will be less safe and secure.
Wikipedia is a nice example – they ban IPs, but do not require logins. They are a fantastically successful project, and they are doing it via the “deny” model rather than the “accept” model.
Grid Computing, for example, seems horrifically stalled because they are trapped in a “how can I grant access” mentality.
I think that this has lots of other applications, to things like p2p security and the like, but since I’m not currently doing much in those areas, I simply can hope that others will try thinking of things this way.
