[70089] in North American Network Operators' Group
Re: Buying and selling root certificates
daemon@ATHENA.MIT.EDU (David Lesher)
Wed Apr 28 21:59:27 2004
From: David Lesher <wb8foz@nrk.com>
To: nanog@merit.edu (nanog list)
Date: Wed, 28 Apr 2004 22:03:17 -0400 (EDT)
In-Reply-To: <20040429010528.838BA7B46@berkshire.research.att.com> from "Steven M. Bellovin" at Apr 28, 2004 09:05:28 PM
Reply-To: wb8foz@nrk.com
Errors-To: owner-nanog-outgoing@merit.edu
Steve asked:
> Put another way, what's your threat model?
Reminder:
That is THE question you ask first for any security question,
where "security" is everything from door locks at home, parking
spaces at dinner ....to # of guards with M-16's at the data center.
And you should ask it 3-4 times, and see what variety of answers
you get.....
Then ask again at the next review. (Things Change -- just recall
who our biggest ally was in defeating Hitler...and against Iran...)
I see lots of people putting {virtual} vault doors on straw houses.
--
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433
