
RE: charter question re IKE changes



At 9:31 PM -0400 10/11/00, Stephen Kent wrote:
>certainly we know how to generate and distribute certs to users who 
>already have entries in a Radius database.

Of course, if that was all we needed to do, our lives would be 
simpler and freer from suffering. However, it isn't. Implementations 
of PKI in the user environment have found that distributing the 
private keys associated with the public keys in the certs, and doing 
so in such a way that the user can use the certificate easily and 
flexibly, is the difficult problem. Note that "distributing" is even 
difficult when the private-public pair is generated on the user's own 
device because the private key has to be secured and yet be made 
available through applications that would need the user to sign 
things. We know the technology for doing this, but we have so far 
implemented it in very klunky fashions. Passwords that can be 
memorized by a user seem a lot more attractive to people who don't 
understand how utterly insecure they are (and even to some people who 
do).

--Paul Hoffman, Director
--VPN Consortium

