[VPN] Details on the cert issue

Natasha Smith natasha at espace.net
Fri Aug 16 18:07:17 EDT 2002


SSL, like any other protocol (including, most definitely, IPSEC),
comes with an implied warning label:

    WARNING:

    ENGAGE BRAIN BEFORE IMPLEMENTING STANDARD.


That is, your vendor should bother to get it right.  There used to be
vendors who stored keys on disks.  There were vendors who stored private
keys for certs, in the clear, in obvious places on client machines.

All these things are issues we have to deal with.

This SSL debacle is a pain, but it has annoying parallels in the VPN
(IPSEC) world.  We should not ignore the lessons learned here.


At 11:27 PM 8/15/2002 -0600, Kurt Seifried wrote:
>Great, so I'm supposed to install your cert which can potentially sign other
>certificates. Great. And people wonder why I hate SSL.



