MI5 hate encryption so much, they don't use it!
Rodney Tillotson
Rodney.Tillotson at ukerna.ac.uk
Wed, 03 Jul 2002 16:36:46 +0100
At 03/07/2002 14:37 +0100, Quentin Campbell wrote:
> > I also note that RIPE themselves warn of the dangers of using
> > either MD5-PW or CRYPT-PW at
> > http://www.ripe.net/ripencc/pub-services/db/security.html
>
> "... please use CRYPT-PW as an addition[al authentication method],
> choosing a good password, but use PGPKEY for daily operations."
>
> When the experts at RIPE are offering that sort of advice perhaps
> Ben was being a little hard on MI5. :-)
RIPE NCC are climbing out of quite a deep hole. I forget the
numbers, but as well as the few who are comfortable with some sort
of crypto, there are thousands of maintainers who were never going
to be early adopters of anything better than MAIL FROM. Even now,
forcing them to move will give the NCC a lot of hand-holding work.
There are risks in what RIPE have done but there also risks in
anything they could recently have done instead. The timetable is
an attempt to balance those risks.
Rodney Tillotson, JANET-CERT
01235 822 340