[17944] in cryptography@c2.net mail archive
Re: ID "theft" -- so what?
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Tue Jul 19 15:54:06 2005
X-Original-To: cryptography@metzdowd.com
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: kelsey.j@ix.netcom.com
Cc: cryptography@metzdowd.com
In-Reply-To: <2139127.1121356714242.JavaMail.root@wamui-hound.atl.sa.earthlink.net>
Date: Mon, 18 Jul 2005 03:06:42 +1200
John Kelsey <kelsey.j@ix.netcom.com> writes:
>One nontrivial reason is that many organizations have spent a lot of time and
>money building up elaborate rules for using PKI, after long negotiations
>between legal and technical people, many hours of writing and revising,
>gazillions of dollars in consultants' time, etc. So, anytime you start doing
>anything involving public key cryptography, all this machinery gets invoked,
>for bureaucratic reasons. That is, you've now trespassed on PKI turf, and
>you'll have to comply with this enormous set of rules.
I've seen this happen on many occasions, one example being the posting I made
to this list a few months ago where an organisation had spent so much money
setting up a PKI that they then had to use it (even though it was totally
unnecessary for what they were doing) simply because it was there.
>I know of a couple cases where this led to really irritating results. In
>one, a friend of mine was using a digital signature to verify some fairly
>trivial thing, but was told it was against policy to use a digital signature
>without the whole PKI.
Been there, seen that. You're well into layers 8 and 9 whenever anything
related to PKI is involved. I think the fact that PKI is so strong at
enabling layers 8+9 is its great appeal to the inhabitants of said layers.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List