Re: https

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 8/27/11 7:25 AM, ned+ietf@xxxxxxxxxxxxxxxxx wrote:
I don't have an anwwer here, but the one thing I'm fairly sure of is that
blindly pushing TLS everywhere is not the solution a lot of folks believe
it is.

I tend to think that the problem here (and I agree that it's a big one)
isn't TLS, but that PKI as defined by pkix is very difficult to deploy
correctly.  I've seen similar sorts of problems with digital signatures
on email, but in those cases as often as not someone simply got
the certificate contents wrong (or the user doesn't understand how to
configure his mail client correctly and is using a name that doesn't
appear in the certificate) rather that the cert has expired (although
there's a lot of that, too).  There's a substantial usability problem.

Melinda
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]