Sun wades into key management kerfuffle

Sun has thrown its open source key management ideas into the key management standards giant brandy glass, offering license-free management that it hopes will become an industry standard. The generic idea everyone is agreed upon is that encrypting devices using keys should be able to interoperate with any key management system …

This topic is closed for new posts.

Posted Tuesday 17th February 2009 15:32 GMT

Mack Sim

monoculture==BAAD

Well, standardization has a bad name in security circles - it's called monoculture and it's a great way to ensure that everyone gets to be vulnerable all at once, if a vulnerability is found. I'm all for openness, but standardization might be carrying it farther than necessary, or indeed prudent.

Posted Wednesday 18th February 2009 07:42 GMT

Adam White

Interoperability GOOD

I hear what you are saying Mack, but from the end user's perspective it doesn't make much difference really. Either your stuff is secure or it isn't, and potentially if everyone else in the world has the same problem it will get fixed sooner rather than later. At least this way we can sidestep vendor lock-in.

Plus the industry tends towards widespread adoption of best-of-breed solutions, or "de facto standards" like Kerberos, DNS, SSL and so on. Lesser players in the security field tend to become historical footnotes rather than bulwarks against widespread exploitation.

Posted Wednesday 18th February 2009 15:26 GMT

Anonymous Coward