Re: RESEND: Thoughts on identity attacks

[Michael Richardson <mcr@sandelman.ottawa.on.ca>]

-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Khaja" == Khaja E Ahmed <khaja.ahmed@attbi.com> writes:
    Khaja> Perhaps the fact that there were no responses suggests that not
    Khaja> enough people think it is important.  Let me introduce a counter
    Khaja> view.  I not only think it is not important but I think that
    Khaja> pursuit of this goal risks further complicating an already too
    Khaja> complicated protocol.  I really think our energies are best
    Khaja> directed at more important issues.

  Yes, like getting a PKI implementation that people can actually use.

  I'll bet that 90% of the "complexity" of IKE is really the I of PKI.

    Khaja> After a year of discussions on requirements with product
    Khaja> management of all the big VPN manufacturers, I have never even

  Well, that's nice. I suggest that you write an IPsec VPN BCP.
  This is not the VPN WG.

    Khaja> I think most companies find PKI itself too complicated.  Both VPN

  I think that most companies have made very poor purchasing decisions 
when it comes to PKI products. I can't blame them. The offerings have been
very horrible.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Finger me for keys

iQCVAwUBPGGPB4qHRg3pndX9AQEphwP+K6C6BZ+o70+TUIWHvoGmLAfYjv3ADXKd
5+nBfYH8JrFHO7EWuXWjuJTWXmSdlV/AN/1nrqS2WHRs/ceFGHlrk7+BisJyg6VC
33yWXkmD7p1OCgGqWhkkl0WQnuN3Yu0I078rHhz/TxAXtX7lbvZ44ggcrmbM2usI
GSrfbOW80NI=
=wQ58
-----END PGP SIGNATURE-----