夜神 岩男 wrote: > The hard part is developing an initial understanding of how certificates > are interpreted and managed -- and where insecurity in the system can > arise. Key and certificate management is, in fact, the hardest part of > staying cryptographically secure at the present time. Unfortunately this > seems to be too much trouble for most large system administrators, even > at enormously connected places like universities, so it just gets > ignored and MitM attacks are more commonplace than most people realise. > The effects of such are generally minimal enough that most people don't > even know they've been snooped, however, which is a testament to how > unimportant most of our private data/lives really are anyway. Thanks again for your lucid explanation. I do feel there is a serious lack of what I would call "low-level" documentation in RedHat/CentOS/Fedora on authentication. On your last point, I do agree that many people seem to elevate their personal security to an absurd level, as though there are people in China who are desperate to find out their "secrets". Apart from credit card and bank account details I don't think most of us have anything of interest to declare. Speaking of China, I do find that according to logwatch/shorewall the majority of people trying to enter my system seem to live in that country. Maybe it is just that there are so many of them? Or are chinese naturally more inquisitive? -- Timothy Murphy e-mail: gayleard /at/ eircom.net tel: +353-86-2336090, +353-1-2842366 s-mail: School of Mathematics, Trinity College Dublin