I think the list may get a kick out of this. The tech-report was actually posted on the list previously, which is where I found it. Link included for completeness.
http://mice.cs.columbia.edu/getTechreport.php?techreportID=1433 -------- Original Message -------- Subject: Re: new tech report on easy-to-use IPsec Date: Wed, 28 Jul 2010 21:36:47 -0400 From: Steven Bellovin <s...@cs.columbia.edu> To: Adam Aviv <a...@cis.upenn.edu> On Jul 28, 2010, at 9:29 51PM, Adam Aviv wrote: > I couldn't help but notice this nugget of wisdom in your report: > > [quote] > > Public key infrastructures (PKIs) are surrounded by a great > mystique. Organizations are regularly told that they are complex, > require ultra-high security, and perhaps are best outsourced to > competent parties. Setting up a certifcate authority (CA) requires a > "ceremony", a term with a technical meaning [13] but nevertheless > redolent of high priests in robes, acolytes with censers, and > more. This may or may not be true in general; for most IPsec uses, > however, little of this is accurate. (High priests and censers are > defnitely not needed; we are uncertain about the need for acolytes > ...) Peter Gutmann told me privately that he thinks the alternate model involves human sacrifices and perhaps a goat... --Steve Bellovin, http://www.cs.columbia.edu/~smb --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com