[13594] in cryptography@c2.net mail archive
Re: The real problem that https has conspicuously failed to fix
daemon@ATHENA.MIT.EDU (James A. Donald)
Thu Jun 12 10:21:27 2003
X-Original-To: cryptography@metzdowd.com
From: "James A. Donald" <jamesd@echeque.com>
To: cryptography@metzdowd.com
Date: Wed, 11 Jun 2003 20:20:04 -0700
In-reply-to: <4.2.2.20030610205320.00b20740@mail.earthlink.net>
--
On 10 Jun 2003 at 21:33, Anne & Lynn Wheeler wrote:
> certificates were originated to address a specific issue with
> key distribution and trust involving parties that 1) had no
> prior business relation, 2) were unlikely to have any future
> business relationship, and 3) didn't have online access to
> trusted 3rd party. however, it is actually much more natural
> in a standard business process setting that public key is
> registered in lieu of shared-secret authentication material
> when parties are involved that have established business
> relationship (aka for example a person with some sort of an
> account, especially in any sort of online paradigm).
> Trivial examples are certificateless operation with
> public/private keys for radius, kerberos pk-init or x9.59
> standard for all retail payment transactions (internet,
> non-internet, point-of-sale, debit, credit, ach,
> stored-value, etc).
I think you have put your finger right on the problem.
Certificates, https, and the entire PKI structure were designed
for an accountless world, but the problem is accounts.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
DxVY4Z01oFU7xvn07JDMoJBGMxVLt61s4VcQTMLB
4v46MbB1PtOjOaOcNvexHiyB1LzfD0RJ+CIPtD7RD
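The account-bound, certificateless key registration the quoted text describes, as an added illustration that is not part of this message or thread: the relying party stores a public key against an existing account where a shared secret would otherwise sit, and authenticates with a signed challenge. The account id, the choice of Ed25519 and the replay check are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Account is the relying party's record for a party it already has a relationship
// with; the registered public key sits where a shared secret would otherwise go.
type Account struct {
	ID     string
	PubKey ed25519.PublicKey
	used   map[string]bool // challenges already consumed, to refuse replays
}

var ErrBadSig = errors.New("signature does not verify against registered key")
var ErrReplay = errors.New("challenge already used")

// RegisterKey is the enrolment step: bind a public key to an existing account.
func RegisterKey(id string, pk ed25519.PublicKey) *Account {
	return &Account{ID: id, PubKey: pk, used: map[string]bool{}}
}

// Challenge is a fresh random nonce issued by the relying party.
func Challenge() ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	return c, err
}

// Authenticate checks the signed challenge against the key on file; no CA involved.
func (a *Account) Authenticate(challenge, sig []byte) error {
	if a.used[string(challenge)] {
		return ErrReplay
	}
	if !ed25519.Verify(a.PubKey, challenge, sig) {
		return ErrBadSig
	}
	a.used[string(challenge)] = true
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // customer's keypair
	acct := RegisterKey("acct-1234", pub)             // constructed account id
	c, _ := Challenge()
	fmt.Println(acct.Authenticate(c, ed25519.Sign(priv, c))) // <nil>
}
```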
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com