Re: pgp signing in van
David Morris <dwm@xpasc.com> Mon, 09 September 2013 21:19 UTC
Return-Path: <dwm@xpasc.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B01B21F83EF for <ietf@ietfa.amsl.com>; Mon, 9 Sep 2013 14:19:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MjyHuFqQQFq2 for <ietf@ietfa.amsl.com>; Mon, 9 Sep 2013 14:19:45 -0700 (PDT)
Received: from c2w3p-2.abacamail.com (c2w3p-2.abacamail.com [209.133.53.32]) by ietfa.amsl.com (Postfix) with ESMTP id 6727021E80D1 for <ietf@ietf.org>; Mon, 9 Sep 2013 14:19:45 -0700 (PDT)
Received: from xpasc.com (h-68-164-244-188.snva.ca.megapath.net [68.164.244.188]) by c2w3p-2.abacamail.com (Postfix) with ESMTP id C623A40511 for <ietf@ietf.org>; Mon, 9 Sep 2013 21:19:44 +0000 (UTC)
Received: from egate.xpasc.com (egate.xpasc.com [10.1.2.49]) by xpasc.com (8.13.8/8.13.8) with ESMTP id r89LJirU028494 for <ietf@ietf.org>; Mon, 9 Sep 2013 14:19:44 -0700
Date: Mon, 09 Sep 2013 14:19:44 -0700
From: David Morris <dwm@xpasc.com>
To: ietf@ietf.org
Subject: Re: pgp signing in van
In-Reply-To: <8D23D4052ABE7A4490E77B1A012B63077527D64A@mbx-01.win.nominum.com>
Message-ID: <alpine.LRH.2.01.1309091346550.28117@egate.xpasc.com>
References: <m2zjrq22wp.wl%randy@psg.com> <2309.1378487864@sandelman.ca> <522A5A45.7020208@isi.edu> <CA2A6416-7168-480A-8CE1-FB1EB6290C77@nominum.com> <522A71A5.6030808@gmail.com> <6DE840CA-2F3D-4AE5-B86A-90B39E07A35F@nominum.com> <CAPv4CP_ySqyEa57jUocVxX6M6DYef=DDdoB+XwmDMt5F9eGn1A@mail.gmail.com> <18992.1378676025@sandelman.ca> <8D23D4052ABE7A4490E77B1A012B63077527BC7A@mbx-01.win.nominum.com> <13787.1378730617@sandelman.ca> <8D23D4052ABE7A4490E77B1A012B63077527C8AB@mbx-01.win.nominum.com> <3CC64F25-183D-4E8D-868F-A0AAC2B2D04F@danyork.org> <8D23D4052ABE7A4490E77B1A012B63077527D64A@mbx-01.win.nominum.com>
User-Agent: Alpine 2.01 (LRH 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
X-Milter-Version: master.87-g7939dec
X-AV-Type: clean
X-AV-Accuracy: exact
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ietf@ietf.org
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Sep 2013 21:19:52 -0000
On Mon, 9 Sep 2013, Ted Lemon wrote: > It might be worth thinking about why ssh and ssl work so well, and PGP/GPG don't. Umm, I question a conclusion that either ssh or ssl work well. ssh works reasonably well around me because I can help everyone get the details aligned. Even knowing all the rules, I frequently spend time fixing permission issues. Furthermore, the kinds of connectivity generally supported is that used by techies. ssl works so well that I've never worked in an environment with client certificates. (That was sarcasm, more to follow.) It works so well for me that it took 3 tries to get a cerficate and install it for MS Exchange OWA. I had a server cluster to move to a new data center. Two certificates for two sites. My experience to that point was I had to enter a pass phrase to get the web server to start. Turns out one certificate had a pass phrase and one didn't, so when porting the first site didn't result in a passphrase prompt, I conconcluded that I didn't have ssl working OR that somehow the passphrase prompt wasn't enabled. I spent hours and hours and didn't figure it out until I ported the second site. I think there is a common problem for all the variations of encryption. The tools and human interfaces are seriously lacking features needed to make use smooth. Code signing is another sore spot for me ... the hoops I have to jump through to update the certificate are amazing. Confounded last year by expiration of the root certificate. Dave Morris
- Re: pgp signing in van Scott Kitterman
- Re: pgp signing in van Scott Kitterman
- Re: pgp signing in van Melinda Shore
- pgp signing in van Randy Bush
- Re: pgp signing in van Phillip Hallam-Baker
- Re: pgp signing in van Dave Crocker
- Re: pgp signing in van Scott Kitterman
- RE: pgp signing in van l.wood
- Re: pgp signing in van Russ Housley
- Re: pgp signing in van Michael Richardson
- Re: pgp signing in van Peter Saint-Andre
- Re: pgp signing in van Phillip Hallam-Baker
- Re: pgp signing in van Ted Lemon
- Re: pgp signing in van Joe Touch
- Re: pgp signing in van Phillip Hallam-Baker
- Re: pgp signing in van Phillip Hallam-Baker
- Re: pgp signing in van Ted Lemon
- Re: pgp signing in van Melinda Shore
- Re: pgp signing in van Ted Lemon
- Re: pgp signing in van Melinda Shore
- Re: pgp signing in van Joe Touch
- Re: pgp signing in van Scott Kitterman
- Re: pgp signing in van Phillip Hallam-Baker
- Re: pgp signing in van Ted Lemon
- Re: pgp signing in van Scott Brim
- Re: pgp signing in van Ted Lemon
- Re: pgp signing in van Melinda Shore
- Re: pgp signing in van Ted Lemon
- Re: pgp signing in van Melinda Shore
- Re: pgp signing in van Ted Lemon
- Re: pgp signing in van Pete Resnick
- Re: pgp signing in van Theodore Ts'o
- Re: pgp signing in van Hector Santos
- Re: pgp signing in van Phillip Hallam-Baker
- Re: pgp signing in van Hector Santos
- Re: pgp signing in van John C Klensin
- Re: pgp signing in van Michael Richardson
- Re: pgp signing in van Michael Richardson
- Re: pgp signing in van Ted Lemon
- Re: pgp signing in van Peter Saint-Andre
- Re: pgp signing in van Hector Santos
- Re: pgp signing in van Peter Saint-Andre
- Re: pgp signing in van Måns Nilsson
- RE: pgp signing in van l.wood
- Re: pgp signing in van Anshuman Pratap Chaudhary
- Re: pgp signing in van Måns Nilsson
- Re: pgp signing in van Brian Trammell
- Re: pgp signing in van Andrew Sullivan
- Re: pgp signing in van Cyrus Daboo
- Re: pgp signing in van Peter Saint-Andre
- Re: pgp signing in van Michael Richardson
- Re: pgp signing in van John Levine
- Re: pgp signing in van David Conrad
- Re: pgp signing in van Ted Lemon
- Re: pgp signing in van Peter Saint-Andre
- Re: pgp signing in van Richard Barnes
- Re: pgp signing in van Scott Brim
- Re: [IETF] Re: pgp signing in van Warren Kumari
- What real users think [was: Re: pgp signing in va… Brian E Carpenter
- Re: pgp signing in van Dan York
- Re: What real users think [was: Re: pgp signing i… Dave Crocker
- Re: pgp signing in van Ted Lemon
- Re: What real users think [was: Re: pgp signing i… Steve Crocker
- Re: What real users think [was: Re: pgp signing i… Ted Lemon
- Re: What real users think [was: Re: pgp signing i… Dave Crocker
- Re: What real users think [was: Re: pgp signing i… Hector Santos
- Re: What real users think [was: Re: pgp signing i… Steve Crocker
- Re: pgp signing in van Ted Lemon
- Re: What real users think [was: Re: pgp signing i… Brian E Carpenter
- Re: What real users think [was: Re: pgp signing i… John C Klensin
- Re: What real users think [was: Re: pgp signing i… Ted Lemon
- Re: pgp signing in van David Morris
- Re: What real users think [was: Re: pgp signing i… SM
- Re: What real users think [was: Re: pgp signing i… Dave Crocker
- Re: pgp signing in van Ted Lemon
- Re: What real users think [was: Re: pgp signing i… Ted Lemon
- Re: What real users think [was: Re: pgp signing i… Ted Lemon
- Re: not really pgp signing in van John Levine
- Re: not really pgp signing in van Ted Lemon
- Re: What real users think [was: Re: pgp signing i… John R. Levine
- Re: pgp signing in van Arturo Servin
- Re: not really pgp signing in van Scott Kitterman
- Re: What real users think [was: Re: pgp signing i… Phillip Hallam-Baker
- Re: not really pgp signing in van John Levine
- Re: What real users think [was: Re: pgp signing i… John Levine
- Re: not really pgp signing in van Ted Lemon
- Re: not really pgp signing in van John R Levine
- Re: not really pgp signing in van Ted Lemon
- Re: not really pgp signing in van John R Levine
- Re: What real users think [was: Re: pgp signing i… Fernando Gont
- Re: pgp signing in van Fernando Gont
- Re: pgp signing in van Ted Lemon
- Re: not really pgp signing in van Brian Trammell
- Re: pgp signing in van t.p.
- Re: not really pgp signing in van Måns Nilsson
- Re: pgp signing in van Ted Lemon
- the evil of html was Re: pgp signing in van t.p.
- Re: not really pgp signing in van Phillip Hallam-Baker
- Re: pgp signing in van Paul Wouters
- Re: not really pgp signing in van Ted Lemon
- Re: not really pgp signing in van Phillip Hallam-Baker
- Re: not really pgp signing in van Ted Lemon
- Re: not really pgp signing in van Martin Thomson
- Re: not really pgp signing in van Phillip Hallam-Baker
- Re: not really pgp signing in van John R Levine
- Re: not really pgp signing in van manning bill
- Re: not really pgp signing in van Ted Lemon
- Re: not really pgp signing in van Theodore Ts'o
- Re: not really pgp signing in van Phillip Hallam-Baker
- Re: not really pgp signing in van Ted Lemon
- Re: not really pgp signing in van Yoav Nir
- was: not really pgp signing in van SM
- Re: was: not really pgp signing in van Phillip Hallam-Baker