[14016] in cryptography@c2.net mail archive
Re: invoicing with PKI
daemon@ATHENA.MIT.EDU (Anne & Lynn Wheeler)
Wed Sep 3 11:08:50 2003
X-Original-To: cryptography@metzdowd.com
Date: Wed, 03 Sep 2003 08:36:55 -0600
To: "James A. Donald" <jamesd@echeque.com>
From: Anne & Lynn Wheeler <lynn@garlic.com>
Cc: Hadmut Danisch <hadmut@danisch.de>, cryptography@metzdowd.com
In-Reply-To: <3F552A9A.26091.38D674@localhost>

At 11:41 PM 9/2/2003 -0700, James A. Donald wrote:
>True names is where security took the wrong branch. The entire
>PKI structure has been rejected.

x.509 identity certificates are business processes ... not a cryptography
process. As I've mentioned elsewhere, many of the institutions that looked
at x.509 identity certificates in the early 90s had retrenched to
relying-party-only certificates with just some sort of account number and
public key. The problem of overloading an x.509 identity certificate with
lots of privacy information turned out to be an enormous identity and
liability problem. Part of the issue was that creating a certificate at some
time in the past and attempting to guess at what might be needed by various
random relying-parties in the future ... led to overloading certificates
with ever-increasing privacy detail. One of the content models was
driver's license, name, address, date-of-birth. Date-of-birth is an obvious
identity theft vulnerability. The idea of randomly spraying your privacy
detail all over the earth (attached to every electronic operation) turned
out to be a significant issue. Even just having your name attached to every
electronic operation and sprayed all over the world represented a
significant issue.

Recent post in sci.crypt:
http://www.garlic.com/~lynn/2003l.html#33 RSA vs AES

and slightly related post (also from sci.crypt):
http://www.garlic.com/~lynn/2003l.html#36 Proposal for a new PKI model
--
Anne & Lynn Wheeler http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com