This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ncc-services-wg@ripe.net/
[ncc-services-wg] Improved Secure Communication for Registration Services (RS) Mailboxes
- Previous message (by thread): [ncc-services-wg] Improved Secure Communication for Registration Services (RS) Mailboxes
- Next message (by thread): [ncc-services-wg] Improved Secure Communication for Registration Services (RS) Mailboxes
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Neil J. McRae
neil at COLT.NET
Wed Feb 25 09:40:20 CET 2004
> --On Monday, February 23, 2004 20:58:42 +0100 Kurt Jaeger > <lists at complx.LF.net> wrote: > > > I object on making x.509 the sole method of authenticated > > communication with RIPE. > > > > There's GPG, and it works, now. > > > > X.509 is not the way to go. It's just a (needless) duplication of > > effort. And wading forever in the mess of "do we use this > > protocol/format or that" and so on. > > I would have to concur with this objection. PGP/GPG works, it > is well suited to workflow, requires few special tools (bar > pgp software) on the client side, and is an established method. > > Forcing certificate handling onto the LIR community is NOT > good service, it is IMNSHO overcomplication. PKIen have their > uses, but this is not one. > > I say NO to X.509. I completely disagree. You can say no all you like but frankly for many organisations PGP/GPG is simply not an option because there are a number of issues related to management of keys and users. I suspect an audit of many organisations using PGP/GPG would find alarming issues with the way these are deployed and used. X.509 maybe somewhat overcomplicated [and I don't agree with that fully anyway] for this specific application but if you already have a platform and many organisations do, then its a trivial expansion. Rolling out GPG/PGP across large organisations is just as much of an issue as deploying a PKI system. Whether you like or not X.509 is here and its likely to be here to stay and it works pretty well in my experience. So I welcome the RIPE NCC's direction on this. Regards, Neil.
- Previous message (by thread): [ncc-services-wg] Improved Secure Communication for Registration Services (RS) Mailboxes
- Next message (by thread): [ncc-services-wg] Improved Secure Communication for Registration Services (RS) Mailboxes
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]