Another entry in the internet security hall of shame....
Paul Hoffman
paul.hoffman at vpnc.org
Thu Sep 1 12:07:11 EDT 2005
At 9:39 AM +0200 9/1/05, Stephan Neuhaus wrote:
>Are we now at a point where we must admit that PKI isn't going to happen
s/happen/happen in a widely useful fashion/
> for the Web
s/Web/Web and email/
> and that we therefore must face the rewriting of an unknown (but
>presumably large) number of lines of code to accomodate PSKs?
Self-signed certificates that are fingerprinted out-of-band are
better than PSKs in some situations, worse in others.
> If that's so, I believe that PSKs will have deployment problems as
>large as PKI's that will prevent their widespread acceptance.
Bingo.
--Paul Hoffman, Director
--VPN Consortium
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list