Fwd: Re: new tech report on easy-to-use IPsec

Adam Aviv aviv at cis.upenn.edu
Wed Aug 11 12:21:47 EDT 2010


I think the list may get a kick out of this.

The tech-report was actually posted on the list previously, which is
where I found it. Link included for completeness.

http://mice.cs.columbia.edu/getTechreport.php?techreportID=1433



-------- Original Message --------
Subject: Re: new tech report on easy-to-use IPsec
Date: Wed, 28 Jul 2010 21:36:47 -0400
From: Steven Bellovin <smb at cs.columbia.edu>
To: Adam Aviv <aviv at cis.upenn.edu>


On Jul 28, 2010, at 9:29 51PM, Adam Aviv wrote:
> I couldn't help but notice this nugget of wisdom in your report:
>
> [quote]
>
> Public key infrastructures (PKIs) are surrounded by a great
> mystique. Organizations are regularly told that they are complex,
> require ultra-high security, and perhaps are best outsourced to
> competent parties. Setting up a certifcate authority (CA) requires a
> "ceremony", a term with a technical meaning [13] but nevertheless
> redolent of high priests in robes, acolytes with censers, and
> more. This may or may not be true in general; for most IPsec uses,
> however, little of this is accurate. (High priests and censers are
> defnitely not needed; we are uncertain about the need for acolytes
> ...)

Peter Gutmann told me privately that he thinks the alternate model
involves human sacrifices and perhaps a goat...


		--Steve Bellovin, http://www.cs.columbia.edu/~smb





---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list