ietf-asrg

RE: [Asrg] Its all over for Challenge Response

2004-03-03 16:29:24
Phillip,

At 03:10 PM 3/3/2004, Hallam-Baker, Phillip wrote:
>   SSH exists and has been widely deployed for years.  SMTP exists and
> has been widely deployed for years.  There is no need for additional
> standards work.  There is only a need for MUA authors to implement and
> deploy existing protocols.

STARTTLS exists, is an approved standard and has been implemented in
Microsoft Exchange along with pretty much every other mail server for
years.

Incidentally STARTTLS is the most commonly used email encryption scheme
in use today. It is vastly more successful than PGP or S/MIME combined.

How could that be since STARTTLS is hop-by-hop and not end-to-end? This is comparing apples and oranges, isn't it?

Mark


>   Nothing in that process requires input from the IETF or any other
> standards body.

Using SSH would require input. You have to know the other endpoint
supports SSH.


Digital certificates provide the accreditation component that is the
principal value in the only two cryptography schemes that have been
an unqualified success - SSL driven e-commerce and the Authenticode scheme.

Sure there are people who claim there is no value from certificates
that cannot be provided through a web of trust. The real issue is
accountability. I designed my procedures so that each employee in the
CA center is accountable for their actions, as a company we agree to
be held accountable within the bounds of predefined limits to the
parties relying on our certificates.


Sure you can build peer-to-peer type networks. But peer-to-peer trust
networks are complex and unwieldy. That is why pretty much every
B2B scheme that starts as bilateral relationships quickly moves
to a Value Added Network model, you authenticate to the hub and
then you can talk to anyone.

The Web has peer to peer aspects, eliminating the central hub was
what made the network hypertext model work. But look at Google and
you will see that the search model is not peer to peer.

                Phill

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg


