On Aug 11, 2010, at 12:21 47PM, Adam Aviv wrote: > I think the list may get a kick out of this. > > The tech-report was actually posted on the list previously, which is > where I found it. Link included for completeness. > > http://mice.cs.columbia.edu/getTechreport.php?techreportID=1433
Thanks. I'll add that the code is now up on SourceForge under a BSD license: http://sourceforge.net/projects/simple-vpn/ > > > > -------- Original Message -------- > Subject: Re: new tech report on easy-to-use IPsec > Date: Wed, 28 Jul 2010 21:36:47 -0400 > From: Steven Bellovin <s...@cs.columbia.edu> > To: Adam Aviv <a...@cis.upenn.edu> > > > On Jul 28, 2010, at 9:29 51PM, Adam Aviv wrote: >> I couldn't help but notice this nugget of wisdom in your report: >> >> [quote] >> >> Public key infrastructures (PKIs) are surrounded by a great >> mystique. Organizations are regularly told that they are complex, >> require ultra-high security, and perhaps are best outsourced to >> competent parties. Setting up a certifcate authority (CA) requires a >> "ceremony", a term with a technical meaning [13] but nevertheless >> redolent of high priests in robes, acolytes with censers, and >> more. This may or may not be true in general; for most IPsec uses, >> however, little of this is accurate. (High priests and censers are >> defnitely not needed; we are uncertain about the need for acolytes >> ...) > > Peter Gutmann told me privately that he thinks the alternate model > involves human sacrifices and perhaps a goat... > > > --Steve Bellovin, http://www.cs.columbia.edu/~smb > > > > > > --------------------------------------------------------------------- > The Cryptography Mailing List > Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com > --Steve Bellovin, http://www.cs.columbia.edu/~smb --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
