Another entry in the internet security hall of shame....

Paul Hoffman paul.hoffman at
Thu Sep 1 12:07:11 EDT 2005

At 9:39 AM +0200 9/1/05, Stephan Neuhaus wrote:
>Are we now at a point where we must admit that PKI isn't going to happen

s/happen/happen in a widely useful fashion/

>  for the Web

s/Web/Web and email/

>  and that we therefore must face the rewriting of an unknown (but 
>presumably large) number of lines of code to accomodate PSKs?

Self-signed certificates that are fingerprinted out-of-band are 
better than PSKs in some situations, worse in others.

>   If that's so, I believe that PSKs will have deployment problems as 
>large as PKI's that will prevent their widespread acceptance.


--Paul Hoffman, Director
--VPN Consortium

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list