On Dec 6, 2012, at 4:12 PM, Richard Barnes wrote: >> My 0.02, I worry that your web interface is inadequate for the eventual >> secure provisioning of router certs. > > I'm curious what sort of UI you would recommend for provisioning router > certs.
As I thought I had outlined, the fundamental problem is in the hosted model. I don't think data owners/operators should be captive to external systemic dependencies in this case. > There's not a fundamental difference between trusting TLS to deliver HTTPS > and trusting, say, SSH to protect your router CLI. Right, they're both dangerous choices when you do them over the vast/untrusted/public interwebz compared to doing provisioning in house... Not sure where you're going with this... > Any UI presents a point of vulnerability. I don't really see a reason to > pick on web apps in this context. No... there's a lot of systemic dependencies that get roped in when you start doing these things out over the Internet vs. in your NOC. Eric _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
