On 08/26/2011 11:22 AM, Adam Novak wrote:
> For what reasons? Is it that things scheduled every year or every ten
> years are easy for admins to miss? Or is it that it's hard to stay on
> top of certificate revocations when they occur?

Firewall researchers have found at least one error of some sort in
99% (yes, really) of the firewall rulesets they've examined.  If
I had to guess how many PKI deployments have problems, I'd put it in
the same ballpark.  They seem to fall into several broad categories:
1) naming (including SANs), 2) expiration, 3) faulty trust
establishment.  These may or may not be fixable, but what doesn't
appear to be fixable is that too many people don't really understand
what certificates represent, the difference between a certificate and
a key, or what it means to TLS-protect traffic.

Listen to Ned, Adam.  He's right.

Melinda
_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf