Re: [***SPAM*** Score/Req: 11.0/5.0] Re: [TLS] Review of draft-santesson-tls-gssapi-00

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [SPAM Score/Req: 11.0/5.0] Re: [TLS] Review of draft-santesson-tls-gssapi-00

To: ekr at networkresonance.com
Subject: Re: [***SPAM*** Score/Req: 11.0/5.0] Re: [TLS] Review of draft-santesson-tls-gssapi-00
From: Jeffrey Altman <jaltman at secure-endpoints.com>
Date: Thu, 22 Mar 2007 02:21:24 -0400
Cc: Ari Medvinsky <arimed at windows.microsoft.com>, tls at ietf.org
In-reply-to: <20070322060158.F34491CC29@delta.rtfm.com>
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
Organization: Secure Endpoints Inc.
References: <20070322060158.F34491CC29@delta.rtfm.com>
Reply-to: jaltman at secure-endpoints.com
User-agent: Thunderbird 1.5.0.10 (Windows/20070221)

EKR wrote:
> Jeffrey Altman <jaltman at secure-endpoints.com> wrote:
> Sure, but as we're seeing in a number of applications, this doesn't
> preclude the use of self-signed certs.
>   
No it doesn't.  However, as I've seen in a number of commercial and open
source products,
the authors don't want to go to the trouble of writing code to generate
certificates as part
of the install so they install the same self-signed certificate and
private key on every system
in the world.  Most users are to naive to know how to replace the
certificate, probably don't
know that they should, and assume that because there is a certificate
there that they are secure.
One of these commercial products and its self-signed certificate was in
use for many years
by a major Medicare system. 

Self-signed certificates have their place but they should not be used as
a bootstrap method
for other authentication technologies.  Too many people make the wrong
assumptions just
based upon their presence.  Please do not insist that they be used as
part of a TLS-GSS
solution.

Jeffrey Altman

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] Review of draft-santesson-tls-gssapi-00
  - From: Nelson B Bolyard
- Re: [TLS] Review of draft-santesson-tls-gssapi-00
  - From: Martin Rex

References:
- Re: [***SPAM*** Score/Req: 11.0/5.0] Re: [TLS] Review of draft-santesson-tls-gssapi-00
  - From: EKR

Prev by Date: Re: [***SPAM*** Score/Req: 11.0/5.0] Re: [TLS] Review of draft-santesson-tls-gssapi-00
Next by Date: RE: [TLS] TLS state machine
Previous by thread: Re: [***SPAM*** Score/Req: 11.0/5.0] Re: [TLS] Review of draft-santesson-tls-gssapi-00
Next by thread: Re: [TLS] Review of draft-santesson-tls-gssapi-00
Index(es):
- Date
- Thread

Re: [***SPAM*** Score/Req: 11.0/5.0] Re: [TLS] Review of draft-santesson-tls-gssapi-00

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.

Re: [SPAM Score/Req: 11.0/5.0] Re: [TLS] Review of draft-santesson-tls-gssapi-00