List: nanog
Subject: Re: Wifi Security
From: Blaine Christian <blaine () blaines ! net>
Date: 2005-11-22 5:53:57
Message-ID: F25EC8E5-200A-4FD4-8BA8-744A355FD5DD () blaines ! net
>
> There is a fundamental security dilemma here. Years ago the original
> designers of Privacy Enhanced Mail (PEM) had the notion that users
> couldn't be trusted, so the idea was that there would be one root CA
> and it would only issue certificates to people who proved who they
> were. Software would only trust this one CA. In this fashion, if the
> software said "This came from Jeff Schiller, of MIT" by golly that is
> where it came from. No end-user preferences to get wrong, no dialog
> boxes to click away unread. I even remember arguments along the lines
> of if a signature verification failed, the message would be discarded
> and the user not permitted to read the "damaged" message.
>
> The dilemma is that when you build such a system, the guy who is the
> root always turns out to be a reptile (or is eaten by a reptile who
> takes her place).
>
> -Jeff

Jeff you hit a hot button <grin>... You would love the BGP RP-Sec
stuff going on at IETF etc...

I "think" root authority for live routing protocols is out of the
picture. However, you may want to stay tuned and speak up if you
feel a root authority for routing protocols is bad.

Regards,
Blaine