Steven M. Bellovin: Comments on the National Strategy for Trusted Identities in Cyberspace
“The fundamental premise of the proposed strategy is that our serious Internet security problems are due to lack of sufficient authentication. That is demonstrably false. The biggest problem was and is buggy code. All the authentication in the world won’t stop a bad guy who goes around the authentication system, etc. … I fear that people are looking under the lamppost for their keys. While there are certainly some challenges to doing authentication at such scale, it is a much simpler problem than buggy code.”
