[13455] in cryptography@c2.net mail archive

Re: Maybe It's Snake Oil All the Way Down

daemon@ATHENA.MIT.EDU (Peter Gutmann)
Wed Jun 4 15:06:13 2003

X-Original-To: cryptography@metzdowd.com
Date: Thu, 5 Jun 2003 03:24:44 +1200
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: ericm@lne.com, pgut001@cs.auckland.ac.nz
Cc: bill.stewart@pobox.com, cryptography@metzdowd.com,
	cypherpunks@lne.com, ekr@rtfm.com, jamesd@echeque.com,
	rsalz@datapower.com, sguthery@mobile-mind.com

Eric Murray <ericm@lne.com> writes:

>Too often people see something like Peter's statement above and say "oh, it's
>that nasty ASN.1 in X.509 that is the problem, so we'll just do it in XML
>instead and then it'll work fine" which is simply not true. The formatting of
>the certificates is such a minor issue that it is lost in the noise of the
>real problems.  And Peter publishes a fine tool for printing ASN.1, so the
>"human readable" argument is moot.
>
>Note that there isn't a real running global PKI using SPKI or PGP either.

A debate topic I've thought of occasionally in the last year or two: If
digital signatures had never been invented, would we now be happily using
passwords, SecurIDs, challenge-response tokens, etc etc to do whatever we need
rather than having spent the last 20-odd years fruitlessly chasing the PKI
dream?  There was some interesting work being done on non-PKI solutions to
problems in the 1970s before it all got drowned out by PKI, but most of it
seems to have stagnated since then outside a few niche areas like wholesale
banking, where it seems to work reasonably well.

(Hmm, now *that* would make an interesting panel session for the next RSA
 conference).

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List