There are too many noninteroperable encryption/authentication systems and products, with more to come. It is almost impossible for an organization with a deployed, heterogeneous operating system and network infrastructure to provide one standard over all platforms or to obtain sufficient interworking between a range of (unharmonized) products.

A generally available public key infrastructure (PKI) is still missing. While corresponding standards have been available for some time, a common PKI is not yet been provided on the Internet, and many of the regulations concerning digital certificates are still pending. In addition, interoperability problems have plagued the deployment of PKIs and corresponding directories, as well as “PKI-ready” products provided by different vendors.

There is an open debate as to which security services should be provided by which functional layer (network, operating system, middleware, application, or presentation). While some have championed IPv6 and its security elements as the end of all security problems on the Internet, it is still unknown (and consequently not reflected in the deployed IT base) which security service elements will be provided and accepted by the market as part of the networking base, the operating system, or application services.

The interworking ...