Re: https

On 08/26/2011 11:22 AM, Adam Novak wrote:

For what reasons? Is it that things scheduled every year or every ten
years are easy for admins to miss? Or is it that it's hard to stay on
top of certificate revocations when they occur?


Firewall researchers have found at least one error of some sort in
99% (yes, really) of the firewall rulesets they've examined.  If
I had to guess how many PKI deployments have problems, I'd put it in
the same ballpark.  They seem to fall into several broad categories
1) naming (including SANs), 2) expiration, 3) faulty trust
establishment.  These may or may not be fixable, but what doesn't

appear to be fixable is that too people don't really understand whatcertificates represent, the difference between a certificate and

a key, or what it means to TLS-protect traffic.

Listen to Ned, Adam.  He's right.

Melinda
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf

<Prev in Thread]	Current Thread	[Next in Thread>
Re: https, (continued) Re: https, Bert Wijnen (IETF) Re: https, Eliot Lear Re: https, Donald Eastlake Re: https, t.petch Re: https, John C Klensin Re: https, ned+ietf Re: https, Adam Novak Re: https, ned+ietf Re: https, Adam Novak Re: https, Keith Moore Re: https, Melinda Shore <= Re: https, Eric Burger Re: https, John C Klensin Re: https, Hector Santos Re: https, Adam Novak Re: https, Hector Santos Re: https, t.petch Re: https, Glen Zorn Re: https, t.petch Re: https, t.petch Re: https, Glen Zorn