From my perspective it is much cheaper for me to build a tool that does the job right and give it to you than to follow the usual approach of yet more poorly designed and documented stuff that might work or might not.

Having worked in Web security for over 20 years now, I have still to see a case where a system was breached because of a really subtle design flaw. Every security issue I have seen has been really simple once it has been identified and isolated. Computer systems are hard to run and harder to secure because of the volume of complexity rather than the degree of complexity. Each individual step is trivial in itself but the cumulative effect is very large. I am sitting next to the print edition of the Oxford English Dictionary which is 20 volumes of dense print. It is something like 200Mb in total. That was the pinnacle of achievement of Victorian research, taking several decades and thousands of authors. Modern operating systems and applications are much larger. And because we design and build them in the wrong way it only takes one mistake for them to fail.

One way that real world sysops defend themselves against complexity is to refuse to learn anything that is new. Judging the deployability of a protocol change based on whether IETF participants are able to do so and willing to invest the necessary effort skews the sample badly. If it were left to us we would have been using IPv6 for over a decade already.

On Thu, Nov 1, 2012 at 12:38 PM, Lucy Lynch <lly...@civil-tongue.net> wrote:
> On Thu, 1 Nov 2012, Phillip Hallam-Baker wrote:
>
>> This is about barely capable sysadmins.
>
> I'm a barely capable sysadmin and the steps Ben outlined seem both
> reasonable and do-able to me. I also like the option to build it into the
> server where smart hands can build it into the default options for
> configuration -
>
> - Lucy
>
>
>> Different problem.
>>
>>
>> On Thu, Nov 1, 2012 at 11:14 AM, Paul Hoffman <paul.hoff...@vpnc.org>
>> wrote:
>>
>>> On Nov 1, 2012, at 2:10 AM, Ben Laurie <b...@google.com> wrote:
>>>
>>>> It's only software. The process of participating in CT for a server
>>>> operator is:
>>>>
>>>> 1. Run command line tool once, giving it your certificate as input and
>>>> an SCT file as output.
>>>>
>>>> 2. Add one line of configuration to your server config.
>>>>
>>>> Not exactly rocket science. If people _really_ find it hard, we could
>>>> build it into the servers so there was no manual step at all.
>>>
>>> As someone who has to trust every CA in the root pile in my browsers and
>>> OSs, I find it frightening that a CA who can say "this is your bank's
>>> certificate" cannot handle new requirements for how to say that. If
>>> adopting a simple protocol like this causes an ossified CA too many
>>> problems, maybe I don't trust that CA to be able to issue certificates
>>> for my bank, much less to be able to know which certificates that they
>>> are actually issuing.
>>>
>>> --Paul Hoffman
>>> _______________________________________________
>>> therightkey mailing list
>>> therightkey@ietf.org
>>> https://www.ietf.org/mailman/listinfo/therightkey
>>
> _______________________________________________
> therightkey mailing list
> therightkey@ietf.org
> https://www.ietf.org/mailman/listinfo/therightkey

--
Website: http://hallambaker.com/
_______________________________________________ therightkey mailing list therightkey@ietf.org https://www.ietf.org/mailman/listinfo/therightkey
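The two deployment steps Ben describes above (run a tool once to obtain an SCT file, then point one line of server config at it) hinge on the "SCT file" being a small, well-defined blob. The script below is an added example written for this page, not code from the thread, from Ben's tool, or from any CT log; it decodes an RFC 6962 SignedCertificateTimestamp with every length field checked, rebuilds the bytes the log signed so the signature can be handed to a verifier, and packs one or more SCTs into the SignedCertificateTimestampList that the TLS extension carries. The SCT, log ID, certificate and signature bytes are constructed placeholders so it runs offline; only the wire layout is taken from RFC 6962 sections 3.2 and 3.3.

```python
"""Parse and re-serialize an RFC 6962 SignedCertificateTimestamp (SCT).

Added example; not from the mailing-list thread or any CT log code.
All sample bytes are constructed: the log ID is not a real log's key hash
and the signature is a placeholder, so only structure is demonstrated.
"""
import struct
import time
from dataclasses import dataclass

SCT_V1 = 0                               # Version.v1
SIGNATURE_TYPE_CERTIFICATE_TIMESTAMP = 0  # SignatureType.certificate_timestamp
ENTRY_TYPE_X509 = 0                      # LogEntryType.x509_entry

# TLS SignatureAndHashAlgorithm code points (RFC 5246 section 7.4.1.4.1)
HASH_SHA256 = 4
SIG_RSA = 1
SIG_ECDSA = 3


@dataclass
class SCT:
    version: int
    log_id: bytes        # SHA-256 of the log's DER public key, 32 bytes
    timestamp_ms: int    # milliseconds since the UNIX epoch
    extensions: bytes
    hash_alg: int
    sig_alg: int
    signature: bytes


def parse_sct(data: bytes) -> SCT:
    """Decode one serialized SCT (the content of the 'SCT file'),
    rejecting anything that does not fit exactly."""
    if len(data) < 1 + 32 + 8 + 2:
        raise ValueError("SCT too short")
    version = data[0]
    if version != SCT_V1:
        raise ValueError(f"unsupported SCT version {version}")
    log_id = data[1:33]
    (timestamp_ms,) = struct.unpack(">Q", data[33:41])
    (ext_len,) = struct.unpack(">H", data[41:43])
    off = 43
    extensions = data[off:off + ext_len]
    if len(extensions) != ext_len:
        raise ValueError("truncated extensions")
    off += ext_len
    if len(data) < off + 4:
        raise ValueError("truncated DigitallySigned header")
    hash_alg, sig_alg, sig_len = struct.unpack(">BBH", data[off:off + 4])
    off += 4
    signature = data[off:off + sig_len]
    if len(signature) != sig_len or off + sig_len != len(data):
        raise ValueError("signature length does not match SCT length")
    if hash_alg != HASH_SHA256 or sig_alg not in (SIG_ECDSA, SIG_RSA):
        raise ValueError("RFC 6962 logs sign with SHA-256 and ECDSA or RSA")
    return SCT(version, log_id, timestamp_ms, extensions, hash_alg, sig_alg, signature)


def serialize_sct(sct: SCT) -> bytes:
    """Inverse of parse_sct: the exact bytes a tool writes to the SCT file."""
    return (bytes([sct.version]) + sct.log_id + struct.pack(">Q", sct.timestamp_ms)
            + struct.pack(">H", len(sct.extensions)) + sct.extensions
            + struct.pack(">BBH", sct.hash_alg, sct.sig_alg, len(sct.signature))
            + sct.signature)


def signed_data_for_x509(sct: SCT, der_cert: bytes) -> bytes:
    """Bytes the log signed for an x509_entry (section 3.2). Verify
    sct.signature over this with the log's public key."""
    if not 1 <= len(der_cert) <= 0xFFFFFF:
        raise ValueError("ASN.1Cert must be 1..2^24-1 bytes")
    return (bytes([sct.version, SIGNATURE_TYPE_CERTIFICATE_TIMESTAMP])
            + struct.pack(">Q", sct.timestamp_ms)
            + struct.pack(">H", ENTRY_TYPE_X509)
            + len(der_cert).to_bytes(3, "big") + der_cert
            + struct.pack(">H", len(sct.extensions)) + sct.extensions)


def sct_list(scts: list) -> bytes:
    """SignedCertificateTimestampList (section 3.3): the payload of the
    signed_certificate_timestamp TLS extension; each SCT is length-prefixed
    and so is the whole list."""
    if not scts:
        raise ValueError("list must carry at least one SCT")
    body = b"".join(struct.pack(">H", len(s)) + s for s in scts)
    return struct.pack(">H", len(body)) + body


# ---- constructed sample: not a real log ID, not a real signature ----
SAMPLE_SCT = serialize_sct(SCT(
    version=SCT_V1,
    log_id=bytes(range(32)),
    timestamp_ms=1350900000000,      # 2012-11-01T10:00:00Z
    extensions=b"",
    hash_alg=HASH_SHA256,
    sig_alg=SIG_ECDSA,
    signature=b"\x30\x06\x02\x01\x01\x02\x01\x02",  # placeholder ECDSA-Sig-Value
))
SAMPLE_CERT = b"\x30\x03\x02\x01\x01"  # placeholder standing in for a DER certificate

if __name__ == "__main__":
    sct = parse_sct(SAMPLE_SCT)
    print("log id   ", sct.log_id.hex())
    print("timestamp", time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(sct.timestamp_ms / 1000)))
    print("to sign  ", signed_data_for_x509(sct, SAMPLE_CERT).hex())
    print("extension", sct_list([SAMPLE_SCT]).hex())
```

The strict length checks are the point of the parser: a server that blindly copies whatever is in the file into the TLS extension will ship a malformed extension to every client, so the one-time tool and the config step are only cheap if the file is validated once at load time rather than trusted forever.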