Date: Mon, 18 Dec 2000 12:25:20 -0800
From: Alfred Perlstein
To: Kurt Seifried
Cc: Moses Backman III, Todd Backman, freebsd-security@FreeBSD.ORG
Subject: Re: woah

* Kurt Seifried [001218 11:33] wrote:
> > In a perfect world, you have your admin send you a pgp signed
> > message with the server public key in it. When you initially
> > authenticate, you sure as hell make sure it matches.
> >
> > Not that difficult.
>
> So you're volunteering to install PGP/GnuPG on 30,000 machines at the
> local university, and educate users how to use it? I'm sure
> Bob Beck will be happy to hear from you.

Depends on how happy he is with my price.

> This isn't a perfect world and we all know it. That's one reason
> I wrote this article.

I completely agree with you about things being imperfect, however an
imperfect world doesn't spell "The End of SSL and SSH".

What the world needs is informative articles written by talented
people such as yourself that educate, not strike fear into the
hearts of administrators and business owners.

As your article stands it really doesn't offer any solutions to
the problems such as distributing the server keys with pgp
signatures.

And that's all I have to say. :)

--
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
"I have the heart of a child; I keep it in a jar on my desk."