I think the list may get a kick out of this.

The tech-report was actually posted on the list previously, which is
where I found it. Link included for completeness.


-------- Original Message --------
Subject: Re: new tech report on easy-to-use IPsec
Date: Wed, 28 Jul 2010 21:36:47 -0400
From: Steven Bellovin <s...@cs.columbia.edu>
To: Adam Aviv <a...@cis.upenn.edu>

On Jul 28, 2010, at 9:29 51PM, Adam Aviv wrote:
> I couldn't help but notice this nugget of wisdom in your report:
> [quote]
> Public key infrastructures (PKIs) are surrounded by a great
> mystique. Organizations are regularly told that they are complex,
> require ultra-high security, and perhaps are best outsourced to
> competent parties. Setting up a certifcate authority (CA) requires a
> "ceremony", a term with a technical meaning [13] but nevertheless
> redolent of high priests in robes, acolytes with censers, and
> more. This may or may not be true in general; for most IPsec uses,
> however, little of this is accurate. (High priests and censers are
> defnitely not needed; we are uncertain about the need for acolytes
> ...)

Peter Gutmann told me privately that he thinks the alternate model
involves human sacrifices and perhaps a goat...

                --Steve Bellovin, http://www.cs.columbia.edu/~smb

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to