On Aug 11, 2010, at 12:21 47PM, Adam Aviv wrote:
I think the list may get a kick out of this.
The tech-report was actually posted on the list previously, which is
where I found it. Link included for completeness.
http://mice.cs.columbia.edu/getTechreport.php?techreportID=1433
Thanks. I'll add that the code is now up on SourceForge under a BSD license:
http://sourceforge.net/projects/simple-vpn/
Original Message
Subject: Re: new tech report on easy-to-use IPsec
Date: Wed, 28 Jul 2010 21:36:47 -0400
From: Steven Bellovin s...@cs.columbia.edu
To: Adam Aviv a...@cis.upenn.edu
On Jul 28, 2010, at 9:29 51PM, Adam Aviv wrote:
I couldn't help but notice this nugget of wisdom in your report:
[quote]
Public key infrastructures (PKIs) are surrounded by a great
mystique. Organizations are regularly told that they are complex,
require ultra-high security, and perhaps are best outsourced to
competent parties. Setting up a certifcate authority (CA) requires a
ceremony, a term with a technical meaning [13] but nevertheless
redolent of high priests in robes, acolytes with censers, and
more. This may or may not be true in general; for most IPsec uses,
however, little of this is accurate. (High priests and censers are
defnitely not needed; we are uncertain about the need for acolytes
...)
Peter Gutmann told me privately that he thinks the alternate model
involves human sacrifices and perhaps a goat...
--Steve Bellovin, http://www.cs.columbia.edu/~smb
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
--Steve Bellovin, http://www.cs.columbia.edu/~smb
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
