[14252] in cryptography@c2.net mail archive

Re: End of the line for Ireland's dotcom star

daemon@ATHENA.MIT.EDU (Bill Frantz)
Tue Sep 23 17:53:05 2003

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <4.2.2.20030923132954.0749a328@mail.earthlink.net>
Date: Tue, 23 Sep 2003 14:45:23 -0700
To: cryptography@metzdowd.com
From: Bill Frantz <frantz@pwpconsult.com>

At 12:45 PM -0700 9/23/03, Anne & Lynn Wheeler wrote:
>At 01:06 PM 9/23/2003 -0400, R. A. Hettinga wrote:
>><http://www.guardian.co.uk/print/0,3858,4759214-103676,00.html>
>
>so ignore for the moment the little indiscretion
>http://www.garlic.com/~lynn/2003l.html#44 Proposal for a new PKI model (At
>least I hope it's new)
>http://www.garlic.com/~lynn/2003l.html#50 Proposal for a new PKI model (At
>least I hope it's new)
>
>and the part of turning a simple authentication problem into a
>significantly harder and error prone (along with exploits and
>vulnerabilities ... not to say expensive) problem:
>http://www.garlic.com/~lynn/aadsm15.htm#4 Is cryptography where security
>took the wrong branch?
>http://www.garlic.com/~lynn/aadsm15.htm#7 Is cryptography where security
>took the wrong branch?
>http://www.garlic.com/~lynn/aadsm15.htm#11 Resolving an identifier into a
>meaning
>
>
>there have been some past discussions of what happens to long term CA
>private key management over an extended period of time, possibly involving
>several corporate identities. Checking latest release browsers ... I find
>two CA certificates for GTE cybertrust ... one issued in 1996 and good for
>10 years and another issued in 1998 and good for 20 years.
>
>so let's say as part of some audit ... is it still possible to show that
>there has been long term, continuous, non-stop, highest security custodial
>care of the GTE cybertrust CA private keys. If there hasn't ... would
>anybody even know? ... and is there any institutional memory as to who
>might be responsible for issuing a revocation for the keys? or responsible
>for notifying anybody that the certificates no longer need be included in
>future browsers?
>--
>Anne & Lynn Wheeler    http://www.garlic.com/~lynn/
>Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm

Note that proposals such as Tyler Close's YURL
<http://www.waterken.com/dev/YURL/> avoid the issue of trust in the
TTP/CA.  As such, I find them attractive whenever they can be used.

Cheers - Bill


-------------------------------------------------------------------------
Bill Frantz        | "There's nothing so clear as a | Periwinkle
(408)356-8506      | vague idea you haven't written | 16345 Englewood Ave
www.pwpconsult.com | down yet." -- Dean Tribble     | Los Gatos, CA 95032


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com