[14062] in cryptography@c2.net mail archive
Re: Is cryptography where security took the wrong branch?
daemon@ATHENA.MIT.EDU (James A. Donald)
Sun Sep 7 17:59:38 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: "James A. Donald" <jamesd@echeque.com>
To: crypto <cryptography@metzdowd.com>
Date: Sun, 7 Sep 2003 12:30:22 -0700
In-reply-to: <kjfzj8zgrt.fsf@romeo.rtfm.com>
--
On 7 Sep 2003 at 9:48, Eric Rescorla wrote:
> It seems to me that your issue is with the authentication
> model enforced by browsers in the HTTPS context, not with SSL
> proper.
To the extent that trust information is centrally handled, as
it is handled by browsers, it will tend to be applied in ways
that benefit the state and the central authority. Observe for
example that today all individual certificates must be linked
to one's true name and social security number if it is to
receive default acceptance, and analogously for corporate
certificates.
To the extent that trust information is decentralized in end
user databases, as it is handled by SSH clients it will tend to
be applied in ways that benefit the end user.
Unsurprisingly, we observe greater end user utilization of SSH
public keys. The vast majority of people encounter the
concept of a public key when they log on to an SSH server.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
+VOl3Vqd/2KPdwuRgmR7CoTexKy84DdSChLXr3rS
4WcxJQwYP0cvPgTXK3Xq5OaTtELGHKXqra0DHd90x
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
