Keynotes @ RSA

The security company RSA is hosting a conference this week in San Francisco, at which I'll be speaking tomorrow on a minor panel.  This morning however is the big keynote set of speeches.  And what is most striking to me is, if you will forgive me, the lack of humility in the security researcher community.  This conference is teeming with IT folks who are brilliant.  They are great engineers and some of the panels that are being offered are mind-boggling in their intricacy and complexity of cyber work. And yet ... I am watching a panel of really great cryptographers being asked their opinion on whether or not the ITU should take over the network management.  As readers of this blog know, I think that's a huge problem -- and one to which more attention needs to be paid.  So I certainly welcome the question being asked -- but in the back of my mind I wonder whether a PhD in cryptography qualifies one to have an influence on the answer.  To be clear -- I am not saying that an informed discussion excludes anyone.  But there is something about the policy and law field that makes everyone think they can provide the answers -- and naturally, the cryptographers (with one notable exception) opted for technical solutions to block adverse internet governance.   That seems to me a plausible answer -- but not a self-evident one.  And it comes with little (no?) acknowledgment of the possible difficulties in implementing this solution -- i.e. the objections of a lot of sovereign nations. Likewise, in an earlier keynote Niwaf Bitar of Juniper called for greater use of active cyber defenses.  I support that idea generically, as well -- but in the keynote there was not even an acknowledgment of the potential downsides of the proposal.  Again, I am not asking for detailed consideration --- but I wonder if some of the leaders here even recognize the potential problems?  At a minimum, it makes me wonder about the content of an otherwise great talk. Later, if I understand the talk, I'll report on DevOps security myths and DLL-Sideloading.   [Actually, I won't -- because I know that's beyond me!]