nanog mailing list archives
Re: Wifi Security
From: Blaine Christian <blaine () blaines net>
Date: Tue, 22 Nov 2005 00:53:57 -0500
There is a fundamental security dilemma here. Years ago the original designers of Privacy Enhanced Mail (PEM) had the notion that userscouldn't be trusted, so the idea was that there would be one root CA andit would only issue certificates to people who proved who they were.Software would only trust this one CA. In this fashion, if the softwaresaid "This came from Jeff Schiller, of MIT" by golly that is where it came from. No end-user preferences to get wrong, no dialog boxes to click away unread. I even remember arguments along the lines of if a signature verification failed, the message would be discarded and the user not permitted to read the "damaged" message. The dilemma is that when you build such a system, the guy who is the root always turns out to be a reptile (or is eaten by a reptile who takes her place). -Jeff
Jeff you hit a hot button <grin>... You would love the BGP RP-Sec stuff going on at IETF etc...
I "think" root authority for live routing protocols is out of the picture. However, you may want to stay tuned and speak up if you feel a root authority for routing protocols is bad.
Regards, Blaine
Current thread:
- Re: Wifi Security, (continued)
- Re: Wifi Security Jim Popovitch (Nov 21)
- Re: Wifi Security Joel Jaeggli (Nov 21)
- Re: Wifi Security william(at)elan.net (Nov 21)
- Re: Wifi Security Stephen J. Wilcox (Nov 21)
- Re: Wifi Security Steven M. Bellovin (Nov 21)
- Re: Wifi Security Joel Jaeggli (Nov 21)
- Re: Wifi Security Stephen J. Wilcox (Nov 21)
- Re: Wifi Security Joel Jaeggli (Nov 21)
- Re: Wifi Security Steven M. Bellovin (Nov 21)
- Re: Wifi Security Jeffrey I. Schiller (Nov 21)
- Re: Wifi Security Blaine Christian (Nov 21)
- BGP Security and PKI Hierarchies (was: Re: Wifi Security) Jeffrey I. Schiller (Nov 21)
- Re: Wifi Security Gadi Evron (Nov 21)
- Re: Wifi Security Gadi Evron (Nov 21)
- Re: Wifi Security Steven M. Bellovin (Nov 21)
- Re: Wifi Security Gadi Evron (Nov 21)
- Re: Wifi Security Gadi Evron (Nov 21)