[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Evaluation: draft-ietf-pilc-link-design - Advice for Internet Subnetwork Designers to BCP
In message <386D15C2-526B-11D7-A4B7-0003934B2128@cisco.com>, =?ISO-8859-1?Q?Pat
rik_F=E4ltstr=F6m?= writes:
>
>On torsdag, mar 6, 2003, at 22:50 Europe/Stockholm, Russ Housley wrote:
>
>> In my opinion, the Thawte web of trust makes X.509 certificates just
>> as easy to use a PGP. This is a step in the right direction, but it
>> still keeps it to the techies. We want it to MUCH easier to use than
>> that.
>
>Regarding X.509, I have only used the openssl application and tried to
>manage self-signed certificates for ssl (including creating certs
>injected in Netscape and IE).
>
>Saying it was hard is an understatement.
>
Yes. I've been trying to create the necessary certificates for a very
simple use of stunnel, and the complexity of the instructions is
mind-boggling.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)