SCN: Re: OPS: A Preliminary Review of SSL

J. Johnson jj at scn.org
Thu Mar 2 00:38:40 PST 2000


Taking Andrew's comment first, there is nothing about SCN's "platform"--
meaning hardware or operating system--that precludes encryption services
such as SSL.  The reason such services are "unsuitable for SCN" (at least
at the current time) can be taken from Rod's comment:  "responsibly run". 

As I pointed out in the original post to the 'hardware' list, it is ill
advised to run any kind of encryption service on a multi-user networked
host.  Not that it cannot be done, for nearly any fool can fire up a web
server, call it "secure", and offer services.  But to do so responsibly
(to not cruelly deceive people with a parody of security)  requires an
attentiveness to security that SCN has just not been able to attain.

Rod asks, "What exact steps would SCN have to undertake before it could
run LynxSSL with good results?"  I don't know.  The best approach might be
to just do PPP, and let the users do SSL on their own machines (with SCN
being just a conduit).  As to PPP:  well, I think I could turn it on in
about twenty minutes.  But Rod did say, "with good results", and that
depends on a lot of other work, so again:  I don't know.  I wanted to work
on a key element of that tonight, but once again the several hours I had
for SCN have just slipped away.

What's to be done?  I don't know.  While technical work is involved, the
failure to get it done seems to be non-technical.  There are certainly
problems in Operations--even if we are unpaid volunteers I think we should
be doing better.  I would very much like someone (Andrew? Rod?) to
"consult"  with some other freenets and see how they get work done with
unpaid staff.  But I think we also have organizational problems
(especially when I consider how much time I put into non-technical issues
here).  And that is a Board issue--which the Board refuses to address. 

So what can I tell you?  That I'm working on it, go bug someone else?
That your expectations outreach our capabilities?  Or go find out how
other freenets do and tell me?  Or that we will have grown-up services
when we grow up?  After several hours of cogitation:  I still don't know.

(And I hope the rest of you can carry this discussion without me because I
really would like to do the technical stuff instead.) 

=== JJ =================================================================

On Wed, 1 Mar 2000, Rod Clark wrote:

> [....]
>    This may be true. But quite a number of responsibly run sites
> do use LynxSSL. What exact steps would SCN have to undertake
> before it could run LynxSSL with good results?
> 
> Rod

On Wed, 1 Mar 2000, Andrew Higgins wrote:

>  [....]
>  I too wonder if there is something inherently unique or different about
>  SCN's platform or structure that precludes implementation of SSL. If so
>  what is it and how can we move beyond it.
> 
>  Rod mentions other systems that are using LynxSSL, perhaps some of them
>  on a Unix platform. We might consult with them on how they are doing it.
> 
>  Or is it necessary to move to Linux or FreeBSD? There are plans afoot to
>  do just that I believe. In the interim, why is a widely used and accepted
>  standard for encryption unequivocally unsuitable for SCN?
> 
>  -Andrew
> 



