[12860] in cryptography@c2.net mail archive
Re: Who's afraid of Mallory Wolf?
daemon@ATHENA.MIT.EDU (Ben Laurie)
Tue Mar 25 12:34:40 2003
X-Original-To: cryptography@wasabisystems.com
X-Original-To: cryptography@wasabisystems.com
Date: Tue, 25 Mar 2003 17:28:44 +0000
From: Ben Laurie <ben@algroup.co.uk>
To: Ed Gerck <egerck@nma.com>
Cc: "Jeroen C. van Gelderen" <jeroen@vangelderen.org>,
Ian Grigg <iang@systemics.com>, cryptography@wasabisystems.com
In-Reply-To: <3E800350.5908EAE8@nma.com>
Ed Gerck wrote:
>>>BTW, this is NOT the way to make paying for CA certs go
>>>away. A technically correct way to do away with CA certs
>>>and yet avoid MITM has been demonstrated to *exist*
>>>(not by construction) in 1997, in what was called intrinsic
>>>certification -- please see www.mcg.org.br/cie.htm
>>
>>Phew, that is a lot of pages to read (40?). Its also rather though
>>material for me to digest. Do you have something like an example
>>approach written up? I couldn't find anything on the site that did not
>>require study.
>>
>
> ;-) If anyone comes across a way to explain it, that does not require study,
> please let me know and I'll post it.
AFAICS, what it suggests, in a very roundabout way, is that you may be
able to verify the binding between a key and some kind of DN by being
given a list of signatures attesting to that binding. This is pretty
much PGP's Web of Trust, of course. I could be wrong, I only read it
quickly.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
