[86909] in North American Network Operators' Group
Re: Wifi Security
daemon@ATHENA.MIT.EDU (Blaine Christian)
Tue Nov 22 00:54:19 2005
In-Reply-To: <4382963B.1050209@mit.edu>
Cc: nanog@nanog.org
From: Blaine Christian <blaine@blaines.net>
Date: Tue, 22 Nov 2005 00:53:57 -0500
To: "Jeffrey I. Schiller" <jis@MIT.EDU>
Errors-To: owner-nanog@merit.edu
>
> There is a fundamental security dilemma here. Years ago the original
> designers of Privacy Enhanced Mail (PEM) had the notion that users
> couldn't be trusted, so the idea was that there would be one root
> CA and
> it would only issue certificates to people who proved who they were.
> Software would only trust this one CA. In this fashion, if the
> software
> said "This came from Jeff Schiller, of MIT" by golly that is where it
> came from. No end-user preferences to get wrong, no dialog boxes to
> click away unread. I even remember arguments along the lines of if a
> signature verification failed, the message would be discarded and the
> user not permitted to read the "damaged" message.
>
> The dilemma is that when you build such a system, the guy who is the
> root always turns out to be a reptile (or is eaten by a reptile who
> takes her place).
>
> -Jeff
Jeff you hit a hot button <grin>... You would love the BGP RP-Sec
stuff going on at IETF etc...
I "think" root authority for live routing protocols is out of the
picture. However, you may want to stay tuned and speak up if you
feel a root authority for routing protocols is bad.
Regards,
Blaine
