[13583] in cryptography@c2.net mail archive
RE: Keyservers and Spam
daemon@ATHENA.MIT.EDU (Anne & Lynn Wheeler)
Wed Jun 11 15:43:02 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Wed, 11 Jun 2003 13:00:31 -0600
To: bear <bear@sonic.net>
From: Anne & Lynn Wheeler <lynn@garlic.com>
Cc: Jill.Ramonsky@Aculab.com, dahonig@cox.net,
<cryptography@metzdowd.com>
In-Reply-To: <Pine.LNX.4.40.0306110948090.12737-100000@bolt.sonic.net>
At 10:27 AM 6/11/2003 -0700, bear wrote:
>I don't particularly like the commercial certs, but the thousand
>bucks or so ought to serve as a "bond", in that if people untrust
>the keys, there is real value that will be lost. That makes it
>require some expenditure of resources to grab a new nym. However,
>even when provoked - even when root certs have been **SOLD** -
>people still don't untrust them, because the news of the compromise
>doesn't propagate around triggering revokes on individual systems.
i've been told of the things that form the basis of contract/obligation is
providing something in return for consideration. the certificate is sold to
key owner, to the extent there is some obligation it is tetween the
certificate issuer and the owner of the key.
there tends to not be any relationship between the relying party and the
certification authority. i believe the federal gov. got around this by
having GSA(?) be the certification authority .... with the certificate
manufactures/issuers performing as agents of GSA .... and all the possible
relying parties had some sort of contract with GSA.
That of course is a little awkward in the case of domain name server
certificates .... having all the consumer relying parties in the world sign
contracts with the major certificate vendors .... so it would establish
some sort of obligation for relying on a certificate.
--
Anne & Lynn Wheeler http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
