Re: Wifi Security

North American Network Operators Group

Re: Wifi Security

From: Blaine Christian
Date: Tue Nov 22 00:55:03 2005

There is a fundamental security dilemma here. Years ago the original
designers of Privacy Enhanced Mail (PEM) had the notion that users
couldn't be trusted, so the idea was that there would be one root CA and
it would only issue certificates to people who proved who they were.
Software would only trust this one CA. In this fashion, if the software
said "This came from Jeff Schiller, of MIT" by golly that is where it
came from. No end-user preferences to get wrong, no dialog boxes to
click away unread. I even remember arguments along the lines of if a
signature verification failed, the message would be discarded and the
user not permitted to read the "damaged" message.

The dilemma is that when you build such a system, the guy who is the
root always turns out to be a reptile (or is eaten by a reptile who
takes her place).

-Jeff

Jeff you hit a hot button <grin>... You would love the BGP RP-Sec stuff going on at IETF etc...

I "think" root authority for live routing protocols is out of the picture. However, you may want to stay tuned and speak up if you feel a root authority for routing protocols is bad.

Regards,

Blaine

Follow-Ups:
- BGP Security and PKI Hierarchies (was: Re: Wifi Security) Jeffrey I. Schiller

References:
- Re: Wifi Security Steven M. Bellovin
- Re: Wifi Security Jeffrey I. Schiller

Prev by Date: Re: Wifi Security
Next by Date: BGP Security and PKI Hierarchies (was: Re: Wifi Security)
Date Index
Thread Index
Author Index
Historical