Re: Evaluation: draft-ietf-pilc-link-design - Advice for Internet Subnetwork Designers to BCP

["Steven M. Bellovin" <smb@research.att.com>]

In message <386D15C2-526B-11D7-A4B7-0003934B2128@cisco.com>, =?ISO-8859-1?Q?Pat
rik_F=E4ltstr=F6m?= writes:
>
>On torsdag, mar 6, 2003, at 22:50 Europe/Stockholm, Russ Housley wrote:
>
>> In my opinion, the Thawte web of trust makes X.509 certificates just 
>> as easy to use a PGP.  This is a step in the right direction, but it 
>> still keeps it to the techies.  We want it to MUCH easier to use than 
>> that.
>
>Regarding X.509, I have only used the openssl application and tried to 
>manage self-signed certificates for ssl (including creating certs 
>injected in Netscape and IE).
>
>Saying it was hard is an understatement.
>

Yes.  I've been trying to create the necessary certificates for a very 
simple use of stunnel, and the complexity of the instructions is 
mind-boggling.

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com (2nd edition of "Firewalls" book)