To:
"Mike Petkevich" <michael_petkevich@bmc.com>
Cc:
"Keith Moore" <moore@cs.utk.edu>, "Edward Lewis" <lewis@tislabs.com>, keydist@cafax.se
From:
Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
Date:
Tue, 26 Mar 2002 00:03:57 -0500
In-Reply-To:
Message from "Mike Petkevich" <michael_petkevich@bmc.com> of "Mon, 25 Mar 2002 21:43:49 PST." <00e001c1d489$3502f980$691615ac@mikepchome>
Reply-To:
sommerfeld@orchard.arlington.ma.us
Sender:
owner-keydist@cafax.se
Subject:
Re: My take on the BoF session
> browsers are shipped with trusted CA roots hardcoded.

now if there was ever a system with a poor trust model, this is it.

> So it becomes a risk management problem. As a system designer I do
> not want to make such decisions for a user.

Indeed. and those who reject systems which wish to bootstrap off secured dns out of hand are not letting the user make this informed decision.

> Rather, I would like to give user a notice that more usability will
> bring more vulnerability and less security.

Well, this tradeoff is inexact at best.

Complex, hard-to-use security systems are either (a) not deployed, or (b) misconfigured or (c) have bugs due to the complexity. Any of these result in reduced security relative to a less-complex, deployable alternative.

- Bill