Marc Andreessen says:
I fully expect we'll be supporting other security standards and approaches as they emerge, and we certainly welcome realistic suggestions on what we should do, when, and how.
I told you in Email, Mr. Andreessen, that new transport level security protocols are useless now that IPSP has come near to standardization and now that prototype implementations are nearly available. Many people at IETF in other groups expressed far less interest in proceeding with new security protocols now that there will be a network layer security protocol. However, you did not appear to be remotely interested. I suppose that you considered the comment I made "unrealistic". Personally, I consider to be unrealistic the notion that the same group of programmers who a year or two ago thought that the way to remove files on a Unix system was to use system(3) to call rm via the shell will be standardizing security -- after all, they couldn't produce a secure piece of software to begin with. My current presumption is that since the same programmers who produce Mosaic produced Netscape that, although pretty looking on the outside, it is just as bad on the inside: like a beautful marble skyscraper that is held together on the inside with chewing gum, toothpicks and rusty bailing wire. I have discouraged clients from using Netscape in the absense of source because there is no way to look for the security holes that are surely lurking within it; unfortunately, the product is just too pretty looking. By all means, of course, work on any security system you like. The burden will be on you to convince people to use it. Perry