[18357] in cryptography@c2.net mail archive
Re: Another entry in the internet security hall of shame....
daemon@ATHENA.MIT.EDU (Paul Hoffman)
Thu Sep 1 13:33:06 2005
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <4316B046.4060109@st.cs.uni-sb.de>
Date: Thu, 1 Sep 2005 09:07:11 -0700
To: cryptography@metzdowd.com
From: Paul Hoffman <paul.hoffman@vpnc.org>
At 9:39 AM +0200 9/1/05, Stephan Neuhaus wrote:
>Are we now at a point where we must admit that PKI isn't going to happen
s/happen/happen in a widely useful fashion/
> for the Web
s/Web/Web and email/
> and that we therefore must face the rewriting of an unknown (but
>presumably large) number of lines of code to accommodate PSKs?
Self-signed certificates that are fingerprinted out-of-band are
better than PSKs in some situations, worse in others.
> If that's so, I believe that PSKs will have deployment problems as
>large as PKI's that will prevent their widespread acceptance.
Bingo.
--Paul Hoffman, Director
--VPN Consortium
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com