new tech report on easy-to-use IPsec
Steven Bellovin
smb at cs.columbia.edu
Fri Aug 13 18:15:27 EDT 2010
On Aug 11, 2010, at 12:21 47PM, Adam Aviv wrote:
> I think the list may get a kick out of this.
>
> The tech-report was actually posted on the list previously, which is
> where I found it. Link included for completeness.
>
> http://mice.cs.columbia.edu/getTechreport.php?techreportID=1433
Thanks. I'll add that the code is now up on SourceForge under a BSD license:
http://sourceforge.net/projects/simple-vpn/
>
>
>
> -------- Original Message --------
> Subject: Re: new tech report on easy-to-use IPsec
> Date: Wed, 28 Jul 2010 21:36:47 -0400
> From: Steven Bellovin <smb at cs.columbia.edu>
> To: Adam Aviv <aviv at cis.upenn.edu>
>
>
> On Jul 28, 2010, at 9:29 51PM, Adam Aviv wrote:
>> I couldn't help but notice this nugget of wisdom in your report:
>>
>> [quote]
>>
>> Public key infrastructures (PKIs) are surrounded by a great
>> mystique. Organizations are regularly told that they are complex,
>> require ultra-high security, and perhaps are best outsourced to
>> competent parties. Setting up a certifcate authority (CA) requires a
>> "ceremony", a term with a technical meaning [13] but nevertheless
>> redolent of high priests in robes, acolytes with censers, and
>> more. This may or may not be true in general; for most IPsec uses,
>> however, little of this is accurate. (High priests and censers are
>> defnitely not needed; we are uncertain about the need for acolytes
>> ...)
>
> Peter Gutmann told me privately that he thinks the alternate model
> involves human sacrifices and perhaps a goat...
>
>
> --Steve Bellovin, http://www.cs.columbia.edu/~smb
>
>
>
>
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
>
--Steve Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list