[32516] in North American Network Operators' Group
RE: Carnivore Update - Public Does Not Care
daemon@ATHENA.MIT.EDU (Roeland Meyer)
Sun Nov 26 11:47:25 2000
Message-ID: <47FE39302BF73B4C93BC84B87341282C1F71@condor.lvrmr.mhsc.com>
From: Roeland Meyer <rmeyer@mhsc.com>
To: 'Quark Physics' <meuon@highertech.net>,
Roeland Meyer <rmeyer@mhsc.com>
Cc: "'Frater M.A.Ch.H. 999'" <azoth@occult.net>, nanog@merit.edu
Date: Sun, 26 Nov 2000 08:42:33 -0800
> From: Quark Physics [mailto:meuon@highertech.net]
> Sent: Sunday, November 26, 2000 6:43 AM
>
> > extra trouble to install it. The proof is the market penetration of PGP.
> > Only the geeks tend to use it and SSH is only used by SA geeks. The general
> > market DOESN'T CARE!
The following parallels what our marketing department found out (after
launch, unfortunately <sigh>).
> We see roughly several levels of clients:
>
> 70% - "Huh? We're secure, only I have the root password"
> (actual quote)
>
> 10% - Encryption is hard, how about we ZIP the file we send via FTP?
> (not bad, it helps...)
These guys, 80% of the market, will not pay for it either. They will not buy
software packages and they will not buy services either. They don't see a
problem. Can we say "myopic"?
> 10% - SSL encrypted XML posts.
>
> 5% - SCP (SSH) file transfer, known keys on each side + passwords.
This last 15% are mostly self-serve and actually know that there is a
problem. But, they won't purchase, they don't need to, they're self-serve.
This is where most of us, on this list, fall.
> 5% - Hardware encryption, leased line, keys for hardware encryption
> and passwords delivered in separate parts by different people
> after identity verification. No physical connections to gateway
> systems. (Federal Reserve, Chase Manhattan Bank...)
The unknown tier, many of them are banks where minimum security is a
regulatory thing. It's a part of doing business. I'm not sure that, if left
to their own devices, they wouldn't join the majority in their
apathy.
> Until real data encryption is built into the Operating Systems and all
> software... --mike--
As long as we have Federal Export restrictions on encryption products, this
will continue to be an optional add-on (Win2K high-encryption pack ain't
that bad. But, it is an add-on, one has to use the update service to install
it).