
List:       nanog
Subject:    Re: Wifi Security
From:       Blaine Christian <blaine () blaines ! net>
Date:       2005-11-22 5:53:57
Message-ID: F25EC8E5-200A-4FD4-8BA8-744A355FD5DD () blaines ! net


>
> There is a fundamental security dilemma here. Years ago the original
> designers of Privacy Enhanced Mail (PEM) had the notion that users
> couldn't be trusted, so the idea was that there would be one root CA and
> it would only issue certificates to people who proved who they were.
> Software would only trust this one CA. In this fashion, if the software
> said "This came from Jeff Schiller, of MIT" by golly that is where it
> came from. No end-user preferences to get wrong, no dialog boxes to
> click away unread. I even remember arguments along the lines of if a
> signature verification failed, the message would be discarded and the
> user not permitted to read the "damaged" message.
>
> The dilemma is that when you build such a system, the guy who is the
> root always turns out to be a reptile (or is eaten by a reptile who
> takes her place).
>
> 			-Jeff

Jeff you hit a hot button <grin>...  You would love the BGP RP-Sec  
stuff going on at IETF etc...

I "think" root authority for live routing protocols is out of the  
picture.  However, you may want to stay tuned and speak up if you  
feel a root authority for routing protocols is bad.

Regards,

Blaine


