[145681] in cryptography@c2.net mail archive


Re: About that "Mighty Fortress"... What's it look like?

daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Tue Aug 17 11:55:11 2010

Date: Tue, 17 Aug 2010 11:53:40 -0400
From: "Perry E. Metzger" <perry@piermont.com>
To: Alexander Klimov <alserkli@inbox.ru>
Cc: cryptography@metzdowd.com
In-Reply-To: <TheMailAgent.e61000a56771fc@47edc2253335e7979dc0>

On Tue, 17 Aug 2010 15:04:00 +0300 Alexander Klimov
<alserkli@inbox.ru> wrote:
> On Sat, 31 Jul 2010, Perry E. Metzger wrote:
> > There is no rational reason at all that someone should "endorse" a
> > key when it is possible to simply do a real time check for
> > authorization. There is no reason to sign a key when you can just
> > check if the key is in a database.
> 
> Each real-time check reveals your interest in the check. What about
> privacy implications?

Well, OCSP and such already do online checks in real time, so there is
no difference there between my view of the world and what people claim
should be done for certificates.

The more interesting question is whether the crypto protocols people
can come up with ways of doing online checks for information about
keys that don't reveal information about what is being asked for. That
would help in both the certificate and non-certificate versions of
such checks.

Perry
-- 
Perry E. Metzger		perry@piermont.com

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
