| It's still pretty expensive for very little added security benefit, which the added complexity might negate. How many bits of security does this add? 5 or 6? Maybe 32? People deploy ad hoc obscurity hacks like port-knocking because we have doubts our standard access-control infrastructure (e.g. libssl, SSH). It would be less wasteful to take the resources being spent on these hacks, and pool them together into projects that would boost our confidence in the infrastructure, instead. I can think of lots of security infrastructure projects that could probably use more resources: - The various libssl projects could probably use more resources. - There is at least one team working on formal proofs of implementation correctness for libssl. - Sandstorm.io is developing ways to move web access control (including CSRF protection) to an intermediate layer, rather than relying on individual web applications to get it right. - U2F is trying to bring cheap hardware tokens to web users, but it needs better support across the web. - Let's Encrypt/ACME is working on making it feasible to deprecate plaintext HTTP. There's still a lot of distro integration work to be done. - There's an IETF working group working on moving transport security into TCP itself (tcpinc). If it's done well (i.e. gets enough eyeballs), this could replace "libssl version hell" with straightforward socket file descriptors. - Most developers have no idea how to develop formal proofs of implementation correctness alongside their code. Educational materials would be great, here! - There are many, many legacy systems running still known-insecure software/protocols that need to be upgraded or worked around. |