The trust issue is a constant concern in the tech world (SSL certificates, firewalls, authentication/authorization/accounting, blockchain, etc). The problem is that the approaches adopted don’t make it into the public until it’s late for two reasons:
They tend to cost money
They take effort
Every once in a while some service comes out that strikes a good balance and brings forth a paradigm shift. Letsencrypt did that for SSL, zero trust did it for internal systems communication, and so on. However there’s always lag in adoption of security measures, and it only takes one malicious actor adopting new technology to blow a hole wide open in “tried and true” security and trust measures.
The trust issue is a constant concern in the tech world (SSL certificates, firewalls, authentication/authorization/accounting, blockchain, etc). The problem is that the approaches adopted don’t make it into the public until it’s late for two reasons:
Every once in a while some service comes out that strikes a good balance and brings forth a paradigm shift. Letsencrypt did that for SSL, zero trust did it for internal systems communication, and so on. However there’s always lag in adoption of security measures, and it only takes one malicious actor adopting new technology to blow a hole wide open in “tried and true” security and trust measures.