On 28/07/2010 13:18, Peter Gutmann wrote:
> Ben Laurie <b...@links.org> writes:
>> I find your response strange. You ask how we might fix the problems, then 
>> you 
>> respond that since the world doesn't work that way right now, the fixes 
>> won't 
>> work. Is this just an exercise in one-upmanship? You know more ways the 
>> world 
>> is broken than I do?
> It's not just that the world doesn't work that way now, it's quite likely 
> that 
> it'll never work that way (for the case of PKI/revocations mentioned in the 
> message, not the original SNI).  We've been waiting for between 20 and 30 
> years (depending on what you define as the start date) for PKI to start 
> working, and your reponse seems to indicate that we should wait even harder.  
> If I look at the mechanisms we've got now, I can identify that commercial PKI 
> isn't helping, and revocations aren't helping, and work around that.  I'm 
> after effective practical solutions, not just "a solution exists, QED" 
> solutions.

The core problem appears to be a lack of will to fix the problems, not a
lack of feasible technical solutions.

I don't know why it should help that we find different solutions for the
world to ignore?

http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to