Timo Schoeler wrote:
> thus Robert Moskowitz spake:
>
>> Timo Schoeler wrote:
>>
>>> thus Eero Volotinen spake:
>>>
>>>>> Probably not, or someone would have found them in the last five years.
>>>>>
>>>> Probably yes, it's hard to security audit complex software packages.
>>>>
>>> Yes; my bet would be that OpenBSD's smtpd will be the most secure MTA
>>> (when it hits the streets for production). That does NOT mean that it is
>>> scalable (well, yet to prove).
>>>
>>>>>> At least I don't want to run software with poor security track on my
>>>>>> public servers.
>>>>>>
>>>>> So you don't run the Linux kernel? Wade through the changelog sometime. Or
>>>>> BIND? it is unrealistic to think large software packages don't have bugs or
>>>>> that they won't be found and fixed over time.
>>>>>
>>>> I usually prefer softwares with good security track. Anyway kernel is
>>>> not usually exposed directly to internet,
>>>>
>>> An IP stack which is part of the kernel *is* (more or less) directly
>>> exposed to the internet as long as there's the appropriate cable
>>> connected to that machine.
>>>
>> I am working on Smart Grid and am hearing talk about we can secure the
>> Smart Grid with Layer 2 security and we are done. ARGH!!!! I gave a
>> presentation on this at the 802 meeting last week. Sometimes I feel like
>> I am beating on mush...
>>
>
> Ah, you're talking of 802.1x? Nothing funnier than marketing guys
> telling you how to secure and run your network. ;)

Worst. 802.1X is admission control. It is NOT Layer 2 security. 802.1AE, 802.11i CCMP are examples of Layer 2 security. Now 802.1X tends to run a Key Management System to provide keying for Layer 2 security.