This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ncc-services-wg@ripe.net/
[ncc-services-wg] Improved Secure Communication for Registration Services (RS) Mailboxes
- Previous message (by thread): [ncc-services-wg] Improved Secure Communication for Registration Services (RS) Mailboxes
- Next message (by thread): [ncc-services-wg] Improved Secure Communication for Registration Services (RS) Mailboxes
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Kurt Jaeger
lists at complx.LF.net
Wed Feb 25 08:23:09 CET 2004
Hi! > >I object on making x.509 the sole method of authenticated > >communication with RIPE. > > >There's GPG, and it works, now. > > I think this is an exageration. The only form of > authenticated communication which works now over the > Internet is SSL combined with HTTP. Why, then, do I read so much about failed key mgmt, bugs in openssl and the like all the time, which shows that it is an major operational PITA ? > The choice of which secure technology is irrelevant. Fine, then we can concentrate on GPG and we do not need x.509 based systems ? > The security features of the technology are irrelevant. I do not argue about whether one is more secure than the other, I argue about the operational it requires now and in the future. It looks to me like a major time-burner. Especially now that RIPE is suggesting "hey, we have GPG and X.509, choose". I thought we all learned from Tanenbaum that having multiple concurrent standards does not really solve any problems. > The only thing that matters is how easy will it > be to use the new technology and how will RIPE > teach people to use the technology and what tools > will RIPE make available to people to run on their > Windows machines, Macintosh machines and UNIX workstations > so that they can use this new technology as easily as > they use the web or email today. > > GPG isn't necessarily any easier to learn and use > than X.509 is. Maybe, thats what http://www.gnupg.org/(en)/related_software/frontends.html is for. > Remember, the audience for this is the > LIR staff who administer IP address allocations. They > are not necessarily engineers or technical people. > They probably don't use UNIX workstations and they > probably don't know how to write scripts or use a > command line. They don't need to, see above. -- MfG/Best regards, Kurt Jaeger 16 years to go ! LF.net GmbH fon +49 711 90074-23 pi at LF.net Ruppmannstr. 27 fax +49 711 90074-33 D-70565 Stuttgart mob +49 171 3101372
- Previous message (by thread): [ncc-services-wg] Improved Secure Communication for Registration Services (RS) Mailboxes
- Next message (by thread): [ncc-services-wg] Improved Secure Communication for Registration Services (RS) Mailboxes
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]