[145448] in cryptography@c2.net mail archive
Re: A mighty fortress is our PKI, Part II
daemon@ATHENA.MIT.EDU (Nicolas Williams)
Wed Jul 28 10:44:04 2010
Date: Wed, 28 Jul 2010 09:30:22 -0500
From: Nicolas Williams <Nicolas.Williams@oracle.com>
To: "Perry E. Metzger" <perry@piermont.com>
Cc: Ben Laurie <ben@links.org>, Peter Gutmann <pgut001@cs.auckland.ac.nz>,
cryptography@metzdowd.com
In-Reply-To: <20100728100522.6b6a3fe3@jabberwock.cb.piermont.com>
On Wed, Jul 28, 2010 at 10:05:22AM -0400, Perry E. Metzger wrote:
> PKI was invented by Loren Kohnfelder for his bachelor's degree thesis
> at MIT. It was certainly a fine undergraduate paper, but I think we
> should forget about it, the way we forget about most undergraduate
> papers.
PKI alone is certainly not the answer to all our problems.
Infrastructure (whether of a pk variety or otherwise) and transitive
trust probably have to be part of the answer for scalability reasons,
even if transitive trust is a distasteful concept. However, we need to
be able to build direct trust relationships, otherwise we'll just have a
house of transitive trust cards. Again, think of the the SSH leap-of-
faith and "SSL pinning" concepts, but don't constrain yourselves purely
to pk technology.
Nico
--
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
