[18173] in cryptography@c2.net mail archive
Re: The summer of PKI love
daemon@ATHENA.MIT.EDU (Mark Allen Earnest)
Fri Aug 12 15:48:55 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Fri, 12 Aug 2005 14:44:32 -0400
From: Mark Allen Earnest <mxe20@psu.edu>
Reply-To: mxe20@psu.edu
To: cryptography@metzdowd.com
In-Reply-To: <42FC71D5.28158.7A3CE97@localhost>
This is a cryptographically signed message in MIME format.
--------------ms080004000209090305010405
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
James A. Donald wrote:
> --
> From: Stephan Neuhaus
> <neuhaus@st.cs.uni-sb.de>
>
>>So, the optimism of the article's author aside, where
>>*do* we stand on PKI deployment?
>
>
> PKI's deployment to identify ssl servers is near one
> hundred percent. PKI's deployment to sign and secure
> email, and to identify users, is near zero and seems
> unlikely to change. PGP has substantially superior
> penetration.
I would rank it closer to 0% myself. Don't get me wrong, we have plenty
of PK deployment with SSL servers, just no I. Anyone doing revocation
checking? How do you even do it? CRL? Delta CRL? OSCP? Do any browsers
really support these things? For those that do does any user actually
know how to do it? PKI is a massive undertaking that many seem to
confuse with just public key cryptography. Public key crypto is just one
component of PKI, and frankly I know VERY few groups that are actually
doing PKI and doing it right.
What we have are a couple dozen certificate authorities that were deemed
trustworthy by Microsoft that do not pop up warnings, and the rest that
do pop up warnings that most people blissfully ignore. HTTPS is really
good for encryption, absolutely sucks in practice for trust.
--
Mark Allen Earnest
Lead Systems Programmer
Emerging Technologies
The Pennsylvania State University
KB3LYB
--------------ms080004000209090305010405
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJBzCC
At4wggJHoAMCAQICAw1wEjANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UE
ChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNv
bmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDQxMTE2MTc1OTIyWhcNMDUxMTE2MTc1OTIy
WjBWMRAwDgYDVQQEEwdFYXJuZXN0MQ0wCwYDVQQqEwRNYXJrMRUwEwYDVQQDEwxNYXJrIEVh
cm5lc3QxHDAaBgkqhkiG9w0BCQEWDW14ZTIwQHBzdS5lZHUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDKF/gAghi+PQ04m+SJxsm6GFXgh3vOyqvbXJfC9elbMvaW+bu8a+QK
ZzbVDGioDv0q4G8Y904fk01E5Ka5Yyor/wyuVtrI2cZSbiShbacBfy7zAwH9XjzSOOOnNdTJ
u9hF1Yb4lkrLOvcxvkTt/mfd5tOUlxGddsn3djr3PpGBt0yLxCiCuHOoOt6lGP4bsnrFwytK
Zibz7Xk9FFKPuSoDOOSjv1VruK7pYdwXVN91U0FPr40wOvvVtFG3+jOho55sMil2RJrTMIwE
4z7cAY6d6PQq8ma7oAvCOg9Usg5MEsJ1fRX/ICxUoL4XHyTr74LNENbLH0RF/Oh1firyAC1p
AgMBAAGjKjAoMBgGA1UdEQQRMA+BDW14ZTIwQHBzdS5lZHUwDAYDVR0TAQH/BAIwADANBgkq
hkiG9w0BAQQFAAOBgQBx7JN/+/L3thZHn/rA6wR6GTXDizO6tilREgQgCNr6NM8On1u0d0Ea
Gxa5sso4asTSr1RdlciJbFH0bRB5kn7hXv/+3QqzuzzL5iJTKPKa96mmeJNqODD8isVNnwvk
bDZY64KAG3qgeaZYjJz7H/YrXvLloMK49ccMWhuBZlCcFjCCAt4wggJHoAMCAQICAw1wEjAN
BgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRp
bmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3Vp
bmcgQ0EwHhcNMDQxMTE2MTc1OTIyWhcNMDUxMTE2MTc1OTIyWjBWMRAwDgYDVQQEEwdFYXJu
ZXN0MQ0wCwYDVQQqEwRNYXJrMRUwEwYDVQQDEwxNYXJrIEVhcm5lc3QxHDAaBgkqhkiG9w0B
CQEWDW14ZTIwQHBzdS5lZHUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKF/gA
ghi+PQ04m+SJxsm6GFXgh3vOyqvbXJfC9elbMvaW+bu8a+QKZzbVDGioDv0q4G8Y904fk01E
5Ka5Yyor/wyuVtrI2cZSbiShbacBfy7zAwH9XjzSOOOnNdTJu9hF1Yb4lkrLOvcxvkTt/mfd
5tOUlxGddsn3djr3PpGBt0yLxCiCuHOoOt6lGP4bsnrFwytKZibz7Xk9FFKPuSoDOOSjv1Vr
uK7pYdwXVN91U0FPr40wOvvVtFG3+jOho55sMil2RJrTMIwE4z7cAY6d6PQq8ma7oAvCOg9U
sg5MEsJ1fRX/ICxUoL4XHyTr74LNENbLH0RF/Oh1firyAC1pAgMBAAGjKjAoMBgGA1UdEQQR
MA+BDW14ZTIwQHBzdS5lZHUwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQQFAAOBgQBx7JN/
+/L3thZHn/rA6wR6GTXDizO6tilREgQgCNr6NM8On1u0d0EaGxa5sso4asTSr1RdlciJbFH0
bRB5kn7hXv/+3QqzuzzL5iJTKPKa96mmeJNqODD8isVNnwvkbDZY64KAG3qgeaZYjJz7H/Yr
XvLloMK49ccMWhuBZlCcFjCCAz8wggKooAMCAQICAQ0wDQYJKoZIhvcNAQEFBQAwgdExCzAJ
BgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEa
MBgGA1UEChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
dmljZXMgRGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBDQTEr
MCkGCSqGSIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTAeFw0wMzA3MTcw
MDAwMDBaFw0xMzA3MTYyMzU5NTlaMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUg
Q29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1h
aWwgSXNzdWluZyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxKY8VXNV+065ypla
HmjAdQRwnd/p/6Me7L3N9VvyGna9fww6YfK/Uc4B1OVQCjDXAmNaLIkVcI7dyfArhVqqP3FW
y688Cwfn8R+RNiQqE88r1fOCdz0Dviv+uxg+B79AgAJk16emu59l0cUqVIUPSAR/p7bRPGEE
QB5kGXJgt/sCAwEAAaOBlDCBkTASBgNVHRMBAf8ECDAGAQH/AgEAMEMGA1UdHwQ8MDowOKA2
oDSGMmh0dHA6Ly9jcmwudGhhd3RlLmNvbS9UaGF3dGVQZXJzb25hbEZyZWVtYWlsQ0EuY3Js
MAsGA1UdDwQEAwIBBjApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRUHJpdmF0ZUxhYmVsMi0x
MzgwDQYJKoZIhvcNAQEFBQADgYEASIzRUIPqCy7MDaNmrGcPf6+svsIXoUOWlJ1/TCG4+DYf
qi2fNi/A9BxQIJNwPP2t4WFiw9k6GX6EsZkbAMUaC4J0niVQlGLH2ydxVyWN3amcOY6MIE9l
X5Xa9/eH1sYITq726jTlEBpbNU1341YheILcIRk13iSx0x1G/11fZU8xggM7MIIDNwIBATBp
MGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQu
MSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQQIDDXASMAkG
BSsOAwIaBQCgggGnMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8X
DTA1MDgxMjE4NDQzMlowIwYJKoZIhvcNAQkEMRYEFOPUbi8IPYAsyJWgKm4wb7DAF5WGMFIG
CSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMC
AgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMHgGCSsGAQQBgjcQBDFrMGkwYjELMAkGA1UE
BhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMT
I1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBAgMNcBIwegYLKoZIhvcNAQkQ
Agsxa6BpMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5
KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQQID
DXASMA0GCSqGSIb3DQEBAQUABIIBAEiVcs1ihR2f00aDRyEXTkOEXZ6nXAUd4cKxaTJCBDaq
4vaOTFvHwCRuCDPKBPyFAhe8/jTwesJyVMBZPduConPYk6ovFNIRCvdJr2hnOK//USO70mV9
drs8xyZDGF6ftM3x5X04mA7k6JM/5XTYuvcK321FDo08TNBLt4DNL8TREQQpJWHF+pvOhi3S
uxgToPOFZhAMkZRNBA4sS4912jN0N21VilB+NYv5pwUEchqhxEf4llkZZErLN3EsAp7KEr/x
RVm41Z0tnBY1q9KqQpE+/sqJ6Bj2Ty37k8TVjJ5FhPZr5rcKDlkbJ4FTcJiTmzOEVNe3VTfk
HkEz82QIaVMAAAAAAAA=
--------------ms080004000209090305010405--
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
