[ncc-services-wg] Improved Secure Communication for Registration Services (RS) Mailboxes
- Previous message (by thread): [ncc-services-wg] Improved Secure Communication for Registration Services (RS) Mailboxes
- Next message (by thread): [ncc-services-wg] Improved Secure Communication for Registration Services (RS) Mailboxes
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Kurt Jaeger
lists at complx.LF.net
Wed Feb 25 08:23:09 CET 2004
Hi! > >I object on making x.509 the sole method of authenticated > >communication with RIPE. > > >There's GPG, and it works, now. > > I think this is an exageration. The only form of > authenticated communication which works now over the > Internet is SSL combined with HTTP. Why, then, do I read so much about failed key mgmt, bugs in openssl and the like all the time, which shows that it is an major operational PITA ? > The choice of which secure technology is irrelevant. Fine, then we can concentrate on GPG and we do not need x.509 based systems ? > The security features of the technology are irrelevant. I do not argue about whether one is more secure than the other, I argue about the operational it requires now and in the future. It looks to me like a major time-burner. Especially now that RIPE is suggesting "hey, we have GPG and X.509, choose". I thought we all learned from Tanenbaum that having multiple concurrent standards does not really solve any problems. > The only thing that matters is how easy will it > be to use the new technology and how will RIPE > teach people to use the technology and what tools > will RIPE make available to people to run on their > Windows machines, Macintosh machines and UNIX workstations > so that they can use this new technology as easily as > they use the web or email today. > > GPG isn't necessarily any easier to learn and use > than X.509 is. Maybe, thats what http://www.gnupg.org/(en)/related_software/frontends.html is for. > Remember, the audience for this is the > LIR staff who administer IP address allocations. They > are not necessarily engineers or technical people. > They probably don't use UNIX workstations and they > probably don't know how to write scripts or use a > command line. They don't need to, see above. -- MfG/Best regards, Kurt Jaeger 16 years to go ! LF.net GmbH fon +49 711 90074-23 pi at LF.net Ruppmannstr. 27 fax +49 711 90074-33 D-70565 Stuttgart mob +49 171 3101372
- Previous message (by thread): [ncc-services-wg] Improved Secure Communication for Registration Services (RS) Mailboxes
- Next message (by thread): [ncc-services-wg] Improved Secure Communication for Registration Services (RS) Mailboxes
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]