To: keydist@cafax.se
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date: Tue, 15 Jan 2002 17:14:33 -0500
In-reply-to: Your message of "Mon, 14 Jan 2002 18:55:45 EST." <200201142355.g0ENtji00892@astro.cs.utk.edu>
Sender: owner-keydist@cafax.se
Subject: Re: looking for draft volunteers

-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "Keith" == Keith Moore <moore@cs.utk.edu> writes:
Keith> I think if we only solve the casual use problem, without defining
Keith> more trustworthy mechanisms, then marketers will tell customers
Keith> that the products that use these mechanisms are "secure", or
Keith> "trustworthy" when they're really only epsilon more trustworthy
Keith> than what we have now.

I'm not sure that we can ever prevent this from occurring.
I agree that it is a reason to define multiple mechanisms.

I'm not certain that DNS based systems are going to be useful for anything
other than the casual use mechanism. In my experience the lack of casual use
of encryption is what makes non-casual use so hard to do - people aren't used
to doing things at all and the software is never ready.

Keith> OTOH, if we design a framework that allows multiple degrees of
Keith> trust, and multiple paths for establishing trust, the same products
Keith> that provide a casual level of security for things authenticated
Keith> solely by DNS, can also provide a higher level of security for
Keith> things authenticated by more trustworthy means.

So, I agree strongly with you here.

But, I'm not clear if the more trustworthy means are necessarily related in
any way to DNS. If there is need for this trusted referral system, then I
guess there is some other service that DNS can provide.

Is there really a lot of call for such a system at this time? (not a
rhetorical or cynical question. I truly want to know).

] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Finger me for keys
-----END PGP SIGNATURE-----