>From my perspective it is much cheaper for me to build a tool that does the
job right and give it to you than to follow the usual approach of yet more
poorly designed and documented stuff that might work or might not.

Having worked in Web security over 20 years now, I have still to see a case
where a system was breached because of a really subtle design flaw. Every
security issue I have seen has been really simple once it has been
identified and isolated.

Computer systems are hard to run and harder to secure because of the volume
of complexity rather than the degree of complexity. Each individual step is
trivial in itself but the cumulative effect is very large. I am sitting
next to the print edition of the Oxford English Dictionary which is 20
volumes of dense print. It is something like 200Mb in total. That was the
pinacle of achievement of Victorian research taking several decades and
thousands of authors. Modern operating systems and applications are much
larger. And because we design and build them in the wrong way it only takes
one mistake for them to fail.

One way that real world sysops defend themselves against complexity is to
refuse to learn anything that is new.

Judging the deployability of a protocol change based on whether IETF
participants are able to do so and willing to invest the necessary effort
skews the sample badly. If it were left to us we would have been using IPv6
for over a decade already.

On Thu, Nov 1, 2012 at 12:38 PM, Lucy Lynch <lly...@civil-tongue.net> wrote:

> On Thu, 1 Nov 2012, Phillip Hallam-Baker wrote:
>  This is about barely capable sysadmins.
> I'm a barely capable sysadmin and the steps Ben outlined seem both
> reasonable and do-able to me. I also like the option to build it into the
> server where smart hands can build it into the default options for
> configuration -
> - Lucy
>  Different problem.
>> On Thu, Nov 1, 2012 at 11:14 AM, Paul Hoffman <paul.hoff...@vpnc.org>
>> wrote:
>>  On Nov 1, 2012, at 2:10 AM, Ben Laurie <b...@google.com> wrote:
>>>  Its only software. The process of participating in CT for a server
>>> operator is:
>>>> 1. Run command line tool once, giving it your certificate as input and
>>>> an SCT file as output.
>>>> 2. Add one line of configuration to your server config.
>>>> Not exactly rocket science. If people _really_ find it hard, we could
>>>> build it into the servers so there was no manual step at all.
>>> As someone who has to trust every CA in the root pile in my browsers and
>>> OSs, I find it frightening that a CA who can say "this is your bank's
>>> certificate" cannot handle new requirements for how to say that. If
>>> adopting a simple protocol like this causes an ossified CA too many
>>> problems, maybe I don't trust that CA to be able to issue certificates
>>> for
>>> my bank, much less to be able to know which certificates that they are
>>> actually issuing.
>>> --Paul Hoffman
>>> ______________________________**_________________
>>> therightkey mailing list
>>> therightkey@ietf.org
>>> https://www.ietf.org/mailman/**listinfo/therightkey<https://www.ietf.org/mailman/listinfo/therightkey>
> _______________________________________________
> therightkey mailing list
> therightkey@ietf.org
> https://www.ietf.org/mailman/listinfo/therightkey

Website: http://hallambaker.com/
therightkey mailing list

Reply via email to