> More attractive targets need more secure, less easy to use, systems.
That seems to me like a justification for doing the least amount of work needed. Sure, it's true to some degree, but (taking this case as an example) PKI is objectively uncountably better than a PSK-like structure. There's a base security level and until that's reached, there's no need to expend money and time or inconvenience users to gain greater security. Anyone who doesn't get to that level while designing a project of any importance is a lazy idiot.
Yeah this is a fair point, didn't mean to suggest that easy security wins that dont't inconvenience the user or add cost in some other way aren't worth making.
That seems to me like a justification for doing the least amount of work needed. Sure, it's true to some degree, but (taking this case as an example) PKI is objectively uncountably better than a PSK-like structure. There's a base security level and until that's reached, there's no need to expend money and time or inconvenience users to gain greater security. Anyone who doesn't get to that level while designing a project of any importance is a lazy idiot.