[145539] in cryptography@c2.net mail archive
Re: Five Theses on Security Protocols
daemon@ATHENA.MIT.EDU (Nicolas Williams)
Sat Jul 31 23:21:31 2010
Date: Sat, 31 Jul 2010 19:28:14 -0500
From: Nicolas Williams <Nicolas.Williams@oracle.com>
To: "Perry E. Metzger" <perry@piermont.com>
Cc: cryptography@metzdowd.com
In-Reply-To: <20100731123239.2efc2f51@jabberwock.cb.piermont.com>
On Sat, Jul 31, 2010 at 12:32:39PM -0400, Perry E. Metzger wrote:
> 5 Also related to 3, but important in its own right: to quote Ian
> Grigg:
>
> *** There should be one mode, and it should be secure. ***

6. Enrolment must be simple.

I didn't see anything about transitive trust. My rule regarding that:

7. Transitive trust, if used at all, should be used to bootstrap
non-transitive trust (see "enrolment must be simple") or should be
limited to scales where transitive trust is likely to work (e.g.,
corporate scale).

Nico