[8055] in cryptography@c2.net mail archive


Re: Schneier: Why Digital Signatures are not Signatures (was Re: CRYPTO-GRAM, November 15, 2000)

daemon@ATHENA.MIT.EDU (Jim Choate)
Thu Nov 16 17:20:41 2000

Date: Wed, 15 Nov 2000 22:46:11 -0600 (CST)
From: Jim Choate <ravage@einstein.ssz.com>
To: cypherpunks@einstein.ssz.com
Cc: dcsb@ai.mit.edu, Digital Bearer Settlement List <dbs@philodox.com>,
        cryptography@c2.net
In-Reply-To: <Pine.SOL.4.10.10011152217400.3553-100000@cavern.uark.edu>
Message-ID: <Pine.LNX.3.96.1001115223602.730P-100000@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII


On Wed, 15 Nov 2000, Mac Norton wrote:

> Interesting, but seems to assume that Alice entered her key without
> seeing the relevant record, or that same was substituted after key
> entry.  Plausible? yes. Practical? help. Easy? help, please.

Actually there is a whole host of issues with key management in regard to PKC
and scaling to really usable system sizes. As Bruce points out, a major
one is the identity authentication.

And you can't use levels of indirection (i.e. a key to certify a key ad
infinitum).

Another is scaling, the problem with PGP is it's too hard to manage large
(i.e. 100's of Millions of keys) at the individual level. Yet any usable
system must do just that.

What organization resolves protocols and who decides whom the primary
implementor will be?

Consider the code base validation issue? Compare closed and open source
approaches, they each have some interesting problems.

My personal opinion is the only workable system is a 3-party with the 3rd
party acting as arbiter/notary. It is also just as clear that that group
can't be either a government agency or a profit making business. I also
believe that an OS along the Plan 9 lines is the ideal Internet framework.

The Austin Cypherpunks ran an anonymous remailer for about a year and we
discussed some of the issues we found on the cypherpunks list. You might
look back at the archives from about 2-3 years ago. The machine was called
kourier.ssz.com (it's long dead). There were also some legal liability
issues that our meager legal skills simply didn't resolve, and we didn't
have the money to do it professionally.

    ____________________________________________________________________

                     He is able who thinks he is able.

                                           Buddha

       The Armadillo Group       ,::////;::-.          James Choate
       Austin, Tx               /:'///// ``::>/|/      ravage@ssz.com
       www.ssz.com            .',  ||||    `/( e\      512-451-7087
                           -====~~mm-'`-```-mm --'-
    --------------------------------------------------------------------



