On Aug 11, 2010, at 12:21 47PM, Adam Aviv wrote:

> I think the list may get a kick out of this.
> 
> The tech-report was actually posted on the list previously, which is
> where I found it. Link included for completeness.
> 
> http://mice.cs.columbia.edu/getTechreport.php?techreportID=1433

Thanks.  I'll add that the code is now up on SourceForge under a BSD license:
http://sourceforge.net/projects/simple-vpn/


> 
> 
> 
> -------- Original Message --------
> Subject: Re: new tech report on easy-to-use IPsec
> Date: Wed, 28 Jul 2010 21:36:47 -0400
> From: Steven Bellovin <s...@cs.columbia.edu>
> To: Adam Aviv <a...@cis.upenn.edu>
> 
> 
> On Jul 28, 2010, at 9:29 51PM, Adam Aviv wrote:
>> I couldn't help but notice this nugget of wisdom in your report:
>> 
>> [quote]
>> 
>> Public key infrastructures (PKIs) are surrounded by a great
>> mystique. Organizations are regularly told that they are complex,
>> require ultra-high security, and perhaps are best outsourced to
>> competent parties. Setting up a certifcate authority (CA) requires a
>> "ceremony", a term with a technical meaning [13] but nevertheless
>> redolent of high priests in robes, acolytes with censers, and
>> more. This may or may not be true in general; for most IPsec uses,
>> however, little of this is accurate. (High priests and censers are
>> defnitely not needed; we are uncertain about the need for acolytes
>> ...)
> 
> Peter Gutmann told me privately that he thinks the alternate model
> involves human sacrifices and perhaps a goat...
> 
> 
>               --Steve Bellovin, http://www.cs.columbia.edu/~smb
> 
> 
> 
> 
> 
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
> 


                --Steve Bellovin, http://www.cs.columbia.edu/~smb





---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to