[145446] in cryptography@c2.net mail archive


Re: A mighty fortress is our PKI, Part II

daemon@ATHENA.MIT.EDU (Ben Laurie)
Wed Jul 28 10:37:37 2010

In-Reply-To: <20100728100522.6b6a3fe3@jabberwock.cb.piermont.com>
Date: Wed, 28 Jul 2010 15:16:32 +0100
From: Ben Laurie <benl@google.com>
To: "Perry E. Metzger" <perry@piermont.com>
Cc: Ben Laurie <ben@links.org>, Peter Gutmann <pgut001@cs.auckland.ac.nz>,
        cryptography@metzdowd.com

On 28 July 2010 15:05, Perry E. Metzger <perry@piermont.com> wrote:
> On Wed, 28 Jul 2010 14:38:53 +0100 Ben Laurie <ben@links.org> wrote:
>> On 28/07/2010 14:05, Perry E. Metzger wrote:
>> > It is not always the case that a dead technology has failed
>> > because of infeasibility or inapplicability. I'd say that a
>> > number of fine technologies have failed for other reasons.
>> > However, at some point, it becomes incumbent upon the proponents
>> > of a failed technology to either demonstrate that it can be made
>> > to work in a clear and convincing way, or to abandon it even if,
>> > on some level, they are certain that it could be made to work if
>> > only someone would do it.
>>
>> To be clear, I am not a proponent of PKI as we know it, and
>> certainly the current use of PKI to sign software has never
>> delivered any actual value, and still wouldn't if revocation worked
>> perfectly.
>>
>> However, using private keys to prove that you are (probably) dealing
>> with the same entity as yesterday seems like a useful thing to do.
>
> I agree with that fully.
>
>> And still needs revocation.
>
> Does it?
>
> I will point out that many security systems, like Kerberos, DNSSEC and
> SSH, appear to get along with no conventional notion of revocation at all
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
