[145639] in cryptography@c2.net mail archive
Fwd: Re: new tech report on easy-to-use IPsec
daemon@ATHENA.MIT.EDU (Adam Aviv)
Wed Aug 11 20:26:13 2010
Date: Wed, 11 Aug 2010 12:21:47 -0400
From: Adam Aviv <aviv@cis.upenn.edu>
To: cryptography@metzdowd.com
I think the list may get a kick out of this.
The tech-report was actually posted on the list previously, which is
where I found it. Link included for completeness.
http://mice.cs.columbia.edu/getTechreport.php?techreportID=1433
-------- Original Message --------
Subject: Re: new tech report on easy-to-use IPsec
Date: Wed, 28 Jul 2010 21:36:47 -0400
From: Steven Bellovin <smb@cs.columbia.edu>
To: Adam Aviv <aviv@cis.upenn.edu>
On Jul 28, 2010, at 9:29 51PM, Adam Aviv wrote:
> I couldn't help but notice this nugget of wisdom in your report:
>
> [quote]
>
> Public key infrastructures (PKIs) are surrounded by a great
> mystique. Organizations are regularly told that they are complex,
> require ultra-high security, and perhaps are best outsourced to
> competent parties. Setting up a certifcate authority (CA) requires a
> "ceremony", a term with a technical meaning [13] but nevertheless
> redolent of high priests in robes, acolytes with censers, and
> more. This may or may not be true in general; for most IPsec uses,
> however, little of this is accurate. (High priests and censers are
> defnitely not needed; we are uncertain about the need for acolytes
> ...)
Peter Gutmann told me privately that he thinks the alternate model
involves human sacrifices and perhaps a goat...
--Steve Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
