From: attila <attila@primenet.com>
Date: Wed, 29 Nov 1995 17:44:04 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: The future will be easy to use
In-Reply-To: <199511281801.NAA00386@jekyll.piermont.com>
Message-ID: <Pine.BSD.3.91.951129093109.12710F-100000@usr1.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain



   what about the Sun release announced today? --it is fully functional
with DES and 3xDES, DH negotiation, etc. and is coded for either sun 4.1.3
or gcc compilers?  Check out http://skip.incog.com.  source to the SKIP
key management and IP layer encryption package for SunOs 4.x. 

On Tue, 28 Nov 1995, Perry E. Metzger wrote:

> 
> Jonathan Zamick writes:
> > This discussion was based on a group of people getting together to create
> > a new easy to use package for handling keys and such. The government is
> > going to try to take a dominant stance, and mandate elements of it.
> 
> So we can ignore tem. Big deal. They have no laws with which to
> enforce their desires.
> 
> > However, it is possible, even in an antagonistic relationship, to develop
> > positive feedback.
> 
> Who cares? An hour spent talking to an idiot from Washington is better
> spent writing good code unless there is a law pending in congress, in
> which case you are probably better off paying someone who knows what
> they are doing to do the talking for you.
> 
> > Returning to the original topic though, do we want to get a smaller list
> > together to spec out some ideas for the project that was discussed? A
> > simple, transparent, tool which would allow people to use strong encryption
> > without having to think about it?
> 
> You mean, like IPSEC/Photuris? I'll be running IPSEC (but sadly not
> Photuris, although I'll be trying to port Aggelos Keromytis' version
> at some point) on my laptop at the IETF meeting in Dallas (provided
> that I can buy a laptop in time.)
> 
> There are three things we are currently missing in the architecture,
> IMHO.
> 
> 1) We need a certificate system to replace X.509 and that plays nicely
>    with distributed databases.
> 2) We need to implement the Eastlake/Kaufman method for embedding
>    certificates in the DNS or something similar.
> 3) We need a good entity naming model.
> 
> Given all those being implemented, sometime soon I can see people
> telnetting or ftping hither and thither without ever noticing or
> caring that their sessions are completely encrypted.
> 
> We also have the following need:
> 
> 4) A good MIME mailer (that looks like NeXT Mail or something like it)
>    which has hooks for something MOSSlike that uses the same
>    certificate infrastructure described in 1-3 above.
> 5) SHTTP capable browsers that also use 1-3 listed above.
> 
> .pm
>