Subject: Re: Microsoft: Closed source is more secure
From: "Stephen J. Turnbull" <turnbull@sk.tsukuba.ac.jp>
Date: Mon, 7 May 2001 22:14:23 +0900

>>>>> "Lynn" == Lynn Winebarger <owinebar@free-expression.org> writes:

    Lynn> I'm trying to answer the original question of "why isn't
    Lynn> this used".

[such as]
    Lynn> (b) "if I design the most secure known <x> application, how
    Lynn> can I avoid being marginalized in the marketplace" or
    Lynn> similar.

[...]
    Lynn>     No, you don't seem to understand.  Qmail's level of
    Lynn> security is irrelevant if it does not provide necessary
    Lynn> features for the needs of the organization looking at it.

I do understand that; it's the core of my argument, too, but poorly
expressed, I see.  qmail sets out to be secure against a certain set
of threats.  My contention is that adding the "security" features you
need would compromise qmail's security on the domain it targets.

If the latest version of sendmail, assuming it has those features, is
secure enough for you, then by all means you should use it.  I think
that means you're not terribly serious about the kind of security that
qmail tries to offer, that's all.

But qmail should not copy sendmail, trying to be everything to
everyone inside of one RPM.  You can already get what to you are
acceptable (it seems) levels of security from sendmail; why try to
shoehorn qmail into that mold, too?

The key to successful business is concentration.  If you really need a
"secure X," whatever "X" may be, then you should let the web site and
the 800 support line go to hell until you _do_ have a secure "X".

You probably don't need a truly secure mailer _plus_ the
authentication feature.  _Other people do_ need the secure mailer,
though, and they may want to use qmail for that application.  qmail
cannot compete with sendmail for the position of "featureful and
random versions are moderately secure" king, so why not go for
"minimal, secure, efficient"?

It has gotten qmail a _large_ share of the market.  Was DJB lucky to
hit on that recipe?  I think not.  After all, he's done it again with
djbdns, which has the honor of being the only alternative to bind I've
heard of in free software.  And djbdns is getting play on several
rather luser-ish Linux MLs I take; I think it will be similarly
successful.

An FSB startup could do worse than to emulate DJB's product design
strategy.


-- 
University of Tsukuba                Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Institute of Policy and Planning Sciences       Tel/fax: +81 (298) 53-5091
_________________  _________________  _________________  _________________
What are those straight lines for?  "XEmacs rules."