[ncc-services-wg] Improved Secure Communication for Registration Services (RS) Mailboxes
- Previous message (by thread): [ncc-services-wg] Improved Secure Communication for Registration Services (RS) Mailboxes
- Next message (by thread): [ncc-services-wg] Improved Secure Communication for Registration Services (RS) Mailboxes
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Neil J. McRae
neil at COLT.NET
Wed Feb 25 09:40:20 CET 2004
> --On Monday, February 23, 2004 20:58:42 +0100 Kurt Jaeger > <lists at complx.LF.net> wrote: > > > I object on making x.509 the sole method of authenticated > > communication with RIPE. > > > > There's GPG, and it works, now. > > > > X.509 is not the way to go. It's just a (needless) duplication of > > effort. And wading forever in the mess of "do we use this > > protocol/format or that" and so on. > > I would have to concur with this objection. PGP/GPG works, it > is well suited to workflow, requires few special tools (bar > pgp software) on the client side, and is an established method. > > Forcing certificate handling onto the LIR community is NOT > good service, it is IMNSHO overcomplication. PKIen have their > uses, but this is not one. > > I say NO to X.509. I completely disagree. You can say no all you like but frankly for many organisations PGP/GPG is simply not an option because there are a number of issues related to management of keys and users. I suspect an audit of many organisations using PGP/GPG would find alarming issues with the way these are deployed and used. X.509 maybe somewhat overcomplicated [and I don't agree with that fully anyway] for this specific application but if you already have a platform and many organisations do, then its a trivial expansion. Rolling out GPG/PGP across large organisations is just as much of an issue as deploying a PKI system. Whether you like or not X.509 is here and its likely to be here to stay and it works pretty well in my experience. So I welcome the RIPE NCC's direction on this. Regards, Neil.
- Previous message (by thread): [ncc-services-wg] Improved Secure Communication for Registration Services (RS) Mailboxes
- Next message (by thread): [ncc-services-wg] Improved Secure Communication for Registration Services (RS) Mailboxes
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]