On Dec 6, 2012, at 4:20 PM, Eric Osterweil <[email protected]> wrote:
>
> On Dec 6, 2012, at 4:12 PM, Richard Barnes wrote:
>
>>> My 0.02, I worry that your web interface is inadequate for the eventual
>>> secure provisioning of router certs.
>>
>> I'm curious what sort of UI you would recommend for provisioning router
>> certs.
>
> As I thought I had outlined, the fundamental problem is in the hosted model.
> I don't think data owners/operators should be captive to external systemic
> dependencies in this case.
>
>> There's not a fundamental difference between trusting TLS to deliver HTTPS
>> and trusting, say, SSH to protect your router CLI.
>
> Right, they're both dangerous choices when you do them over the
> vast/untrusted/public interwebz compared to doing provisioning in house...
> Not sure where you're going with this...
>
>> Any UI presents a point of vulnerability. I don't really see a reason to
>> pick on web apps in this context.
>
> No... there's a lot of systemic dependencies that get roped in when you start
> doing these things out over the Internet vs. in your NOC.

As Chris mentioned down-thread: Could you explain how these considerations differ from considerations around hosted services for critical services, e.g., DNSSEC?

--Richard

_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
