Re: Wifi Security

[Blaine Christian <blaine () blaines net>]

> There is a fundamental security dilemma here. Years ago the original
> designers of Privacy Enhanced Mail (PEM) had the notion that users
> couldn't be trusted, so the idea was that there would be one root  
> CA and
> it would only issue certificates to people who proved who they were.
> Software would only trust this one CA. In this fashion, if the  
> software
> said "This came from Jeff Schiller, of MIT" by golly that is where it
> came from. No end-user preferences to get wrong, no dialog boxes to
> click away unread. I even remember arguments along the lines of if a
> signature verification failed, the message would be discarded and the
> user not permitted to read the "damaged" message.
>
> The dilemma is that when you build such a system, the guy who is the
> root always turns out to be a reptile (or is eaten by a reptile who
> takes her place).
>
>                         -Jeff

Jeff you hit a hot button <grin>...  You would love the BGP RP-Sec  
stuff going on at IETF etc...

I "think" root authority for live routing protocols is out of the  
picture.  However, you may want to stay tuned and speak up if you  
feel a root authority for routing protocols is bad.

Regards,

Blaine