To:
Ted.Hardie@nominum.com
Cc:
Edward Lewis <lewis@tislabs.com>, keydist@cafax.se
From:
Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
Date:
Mon, 25 Mar 2002 20:18:55 -0500
In-Reply-To:
Message from Ted Hardie <Ted.Hardie@nominum.com> of "Mon, 25 Mar 2002 16:44:09 PST." <20020325164409.C39944@shell.nominum.com>
Reply-To:
sommerfeld@orchard.arlington.ma.us
Sender:
owner-keydist@cafax.se
Subject:
Re: My take on the BoF session
So, I will wear my "security clueful" hat here... Getting "strong" trust established is extremely difficult. In practice, some of the security types seem to want perfect security. This leads to people *deploying* extremely weak trust models (e.g., what ssh does out of the box, namely send an unprotected key across the wire and just remembering it from session to session). This annoys the pragmatic security types like me. I don't want to undercut those folks who are capable of deploying an X.509 PKI, but rather provide an alternative to doing stupid things like what SSH does on your first connection to a system. Note that even given the DNSSEC hierarchical model, I can improve the trust situation by configuring trusted keys for those zones I interact with on a regular basis (e.g., in my case, sun.com, netbsd.org, mit.edu, ietf.org...) if I have some out-of-band way to get a trusted copy of the keys. - Bill