Long-time readers know that I often rant about how insecure the Internet is, and how few solutions will do anything to change that equation during the next 5 to 10 years. I've also recommended a handful of solutions over the years, and accepted the resulting criticism that goes along with proposing big ideas.
Privately, and not so privately in this column and other public forums, I've been proposing specific solutions to make the Internet significantly more secure during the next five years. If you know me personally, you would also know that other than my family, I think of nothing else but how to secure the Internet. I've been thinking about it since the early 1990s, every waking hour of every day. I think about it during my early morning workouts, in the shower, while stopped at stoplights, and while getting my haircut. It's no exaggeration, although it's more than a little embarrassing to admit that I spent my honeymoon thinking and writing about a possible solution. Thankfully, my lovely wife understands my quest. I truly think that, work-wise, I was put on this planet to make the Internet a more secure place to compute. Mentally, it defines who I think I am. If I fail to assist in this endeavor, in some measurable way, then I haven't met a major life goal.
Recently, two of my biggest ideas have independently ended up in other group's proposals and standards (neither group appears aware of my ideas). One was Microsoft's End-to-End Trust, announced a few weeks ago at the last RSA conference; and the other the recently announced Trusted Computing Group's IF-MAP standard. Although I've proposed very similar ideas, in this column and other online forums, only participating readers are aware of the early existence of my ideas (as compared to the newer initiatives).
It reinforced the notion that I'm not alone in my thinking, of course, and that many other individuals have the exact same ideas. What human good might happen if we shared and debated our ideas? In that spirit I've decided to release a formal whitepaper entitled Fixing the Internet: A Security Solution. It encompasses all my main ideas, including how to practically build on the ideas of End-to-End Trust and IF-MAP (which are both laudable solutions).
Here is a brief re-cap of the document: Any solution proposed to secure the Internet must be:
- Vendor Independent (Non-Proprietary)
- Using an Open and Transparent Process
- Voluntary Opt-In
- Performance Neutral
- With Least Service and End-User Interruption as Possible
- Driven by User and Vendor Self-Interests
As difficult and complex as this seems at first, it can be accomplished.