[14248] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

Re: End of the line for Ireland's dotcom star

daemon@ATHENA.MIT.EDU (Anne & Lynn Wheeler)
Tue Sep 23 15:55:14 2003

X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Tue, 23 Sep 2003 13:45:42 -0600
To: "R. A. Hettinga" <rah@shipwright.com>
From: Anne & Lynn Wheeler <lynn@garlic.com>
Cc: cryptography@metzdowd.com
In-Reply-To: <p06002087bb962d939838@[66.149.49.6]>

At 01:06 PM 9/23/2003 -0400, R. A. Hettinga wrote:
><http://www.guardian.co.uk/print/0,3858,4759214-103676,00.html>

so ignore for the moment the little indiscretion
http://www.garlic.com/~lynn/2003l.html#44 Proposal for a new PKI model (At 
least I hope it's new)
http://www.garlic.com/~lynn/2003l.html#50 Proposal for a new PKI model (At 
least I hope it's new)

and the part of turning a simple authentication problem into a 
significantly harder and error prone (along with exploits and 
vulnerabilities ... not to say expensive) problem:
http://www.garlic.com/~lynn/aadsm15.htm#4 Is cryptography where security 
took the wrong branch?
http://www.garlic.com/~lynn/aadsm15.htm#7 Is cryptography where security 
took the wrong branch?
http://www.garlic.com/~lynn/aadsm15.htm#11 Resolving an identifier into a 
meaning


there has been the some past discussions of what happens to long term CA 
private key management over an extended period of time, possibly involving 
several corporate identities. Checking latest release browsers ... I find 
two CA certificates for GTE cybertrust ... one issued in 1996 and good for 
10 years and another issued in 1998 and good for 20 years.

so lets say as part of some audit ... is it still possible to show that 
there has been long term, continuous, non-stop, highest security custodial 
care of the GTE cybertrust CA private keys. If there hasn't ... would 
anybody even know? ... and is there any institutional memory as to who 
might be responsible for issuing a revokation for the keys? or responsible 
for notifying anybody that the certificates no longer need be included in 
future browsers?
--
Anne & Lynn Wheeler    http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm
  

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
home help back first fref pref prev next nref lref last post