[8059] in cryptography@c2.net mail archive


Re: Public Key Infrastructure: An Artifact...

daemon@ATHENA.MIT.EDU (Bram Cohen)
Thu Nov 16 17:22:53 2000

Date: Thu, 16 Nov 2000 12:51:26 -0800 (PST)
From: Bram Cohen <bram@gawth.com>
To: "R. A. Hettinga" <rah@shipwright.com>
Cc: cypherpunks@cyberpass.net, cryptography@c2.net, dcsb@ai.mit.edu,
        Digital Bearer Settlement List <dbs@philodox.com>
In-Reply-To: <p05001981b6334ce9e31b@[10.0.1.2]>
Message-ID: <Pine.LNX.4.21.0011161250170.4382-100000@ultra.gawth.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Sat, 11 Nov 2000, R. A. Hettinga wrote:

> Conventional, hierarchical PKI, built around the ISO standard X.509, has
> been, and will continue to be, a substantial failure. This paper examines
> that form of PKI architecture, and concludes that it is a very poor fit to
> the real needs of cyberspace participants. The reasons are its inherently
> hierarchical and authoritarian nature, the unreasonable presumptions it
> makes about the security of private keys, a range of other technical
> defects, confusions about what it is that a certificate actually
> authenticates, and its inherent privacy-invasiveness. Alternatives are
> identified.

In the vast majority of cases, preventing man in the middle attacks is a
waste of time.

-Bram Cohen


