To: Derek Atkins <warlord@MIT.EDU>
cc: Keith Moore <moore@cs.utk.edu>, Steve Hanna <steve.hanna@sun.com>, Simon Josefsson <simon+keydist@josefsson.org>, Edward Lewis <lewis@tislabs.com>, keydist@cafax.se
From: Keith Moore <moore@cs.utk.edu>
Date: Mon, 14 Jan 2002 19:10:18 -0500
In-reply-to: Your message of "14 Jan 2002 18:58:16 EST." <sjmita4qycn.fsf@kikki.mit.edu>
Sender: owner-keydist@cafax.se
Subject: Re: looking for draft volunteers

> Yea, but even if there is a framework with multiple levels of trust, a
> company that implements only "casual" trust can still claim to be
> "secure". Heck, companies claim to be secure when they use rot13. I
> don't think you can stop that from happening.

no, but what we hope they will say is that they implement "IETF secure keydist" and that customers will make that a check-off item.

if we define "IETF secure keydist" in such a way that it is for casual use only, that's the best we'll get from those vendors. if we define "IETF secure keydist" in such a way that it can be used for more demanding purposes, we can probably get something which is suitable for more than casual use, as long as it's well-defined and implementable with reasonable effort.

of course, there's a limit to what we can get. for instance, we can't do much to ensure quality of implementation, nor to ensure the security of the underlying platforms.

Keith