Dear Readers:

This issue of Cipher features a timely article about the IETF's revisions of the IPsec protocol. Originally proposed more than 10 years ago, this protocol has seen increasing use, and the recent revisions reflect that experience.

Bob Bruen has contributed his usual interesting book reviews, delving into the new literature on hacking and hardening.

In looking over the recent news article about increasingly sophisticated Internet-based attacks and thinking about the thousands of papers written every year about security-related research, I have begun wondering about how to measure the effectivity of research. Can we shorten the path between research projects and common use, and can we determine if the most important research topics are being covered? Have we ignored the results of past research? Should we revive older work in modern settings? Can industry, academia, and government jointly develop a plan for securing our computer systems and networks within, say, 6 years? If not, are we condemned to a dismal future of increasing dependence on systems that have decreasing resistance to increasingly sophisticated hackers?

I invite contributions to Cipher that explore these questions. In addition to our valued regular contributors, new volunteer reporters are always welcome. A conference write-up noting promising new ideas that will help solve current problems would be one way to help us all develop a perspective on long term security planning.

Hilarie Orman
Cipher Editor