home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
kermit.columbia.edu
/
kermit.columbia.edu.tar
/
kermit.columbia.edu
/
newsgroups
/
misc.20010921-20020314
/
000342_peter@taronga.com_Fri Feb 1 10:53:51 EST 2002.msg
< prev
next >
Wrap
Text File
|
2002-03-13
|
3KB
|
51 lines
Article: 13180 of comp.protocols.kermit.misc
Path: newsmaster.cc.columbia.edu!panix!nycmny1-snh1.gtei.net!cpk-news-hub1.bbnplanet.com!news.gtei.net!news.maxwell.syr.edu!newsfeed.stanford.edu!news.kjsl.com!news.usenet2.org!citadel.in.taronga.com!not-for-mail
From: peter@taronga.com (Peter da Silva)
Newsgroups: alt.sys.pdp10,alt.folklore.computers,comp.protocols.kermit.misc
Subject: Re: Internet Kermit Service (was Serving non-MS-word *.doc files)
Date: 1 Feb 2002 15:22:44 GMT
Organization: TSS Inc.
Lines: 33
Message-ID: <a3ebs4$22tb$1@citadel.in.taronga.com>
References: <3C4A7DF8.2AEC4BD7@trailing-edge.com> <a376o2$4ck$1@newsmaster.cc.columbia.edu> <a3cn0k$2ro9$1@citadel.in.taronga.com> <a3d13h$5nq$1@newsmaster.cc.columbia.edu>
NNTP-Posting-Host: citadel.in.taronga.com
X-Trace: citadel.in.taronga.com 1012576964 68523 10.0.0.43 (1 Feb 2002 15:22:44 GMT)
X-Complaints-To: usenet@taronga.com
NNTP-Posting-Date: 1 Feb 2002 15:22:44 GMT
X-Newsreader: trn 4.0-test72 (19 April 1999)
Xref: newsmaster.cc.columbia.edu alt.sys.pdp10:21236 alt.folklore.computers:288378 comp.protocols.kermit.misc:13180
In article <a3d13h$5nq$1@newsmaster.cc.columbia.edu>,
Jeffrey Altman <jaltman@watsun.cc.columbia.edu> wrote:
>Peter, I don't have time to debate with you on the merits of
>certificates vs. raw public keys. If you don't want to verify
>the certificates you don't have to. (at least not in Kermit.)
That is good.
>However, if you do want to have strong security and you are managing
>a large number of machines where to the extent that key management
>is an issue; or if you have to delegate the issuance and management
>of keys to someone other than yourself, then using a Certificate
>Authority (you can be your own) is a very good idea.
I'm not sure where you got the idea that I would have an argument with
that. I've specifically stated, and this is the third time, that the
application in question involves two machines, one key pair, and an
environment where at least one of the machines can not contact any
certificate authority (or in fact any third device, except in some
cases one of the firewalls between them) seen by the other. I suppose
you could make one of the two machines a certificate authority for the
single key pair they share, but I'm not sure that would buy you anything.
Thank you for the other information. I've been burned too often by Windows
software that just doesn't work in some unexpected but sensible configuration
to take it for granted, even for such a traditionally well-behaved application
as Kermit.
--
Rev. Peter da Silva, ULC. WWFD?
"Be conservative in what you generate, and liberal in what you accept"
-- Matthew 10:16 (l.trans)