[8123] in cryptography@c2.net mail archive
Re: Public Key Infrastructure: An Artifact...
daemon@ATHENA.MIT.EDU (Lynn.Wheeler@firstdata.com)
Fri Nov 24 01:30:45 2000
From: Lynn.Wheeler@firstdata.com
To: Paul Crowley <paul@cluefactory.org.uk>
Cc: Mark Scherling <mscherling@xcert.com>, Bram Cohen <bram@gawth.com>,
"Arnold G. Reinhold" <reinhold@world.std.com>,
Ben Laurie <ben@algroup.co.uk>, obfuscation@beta.freedom.net,
cryptography@c2.net, cypherpunks@cyberpass.net, dcsb@ai.mit.edu
Message-ID: <852569A1.00048E9B.00@lnsunr02.fl.firstdata.com>
Date: Thu, 23 Nov 2000 17:48:21 -0800
Mime-Version: 1.0
Content-type: text/plain; charset=us-ascii
Content-Disposition: inline
the other way to look at it ... is why design something that is broken (i.e.
offline certificates in an online world) and then turn around and have to patch
it up (with various online CRLs) ... unless you are really interested in
featuring how broken something is.
there used to be a company that sold a lot of copying machines in the '80s ...
the product was one of the worst in the industry with regard to paper jamming.
they came out with a television ad campaign highlighting how easy it was to fix
paper jams in their product (compared to other products ... which of course you
hardly ever had to worry about fixing paper jams).
misc. refs:
http://www.garlic.com/~lynn/rfcietff.htm
select terms in the above and then select SPKI ... rfc2692 & rfc2693
in many cases ... the use of (offline paradigm) certificates is superfluous
and redundant in an online environment ... much simpler to just register a
public key with the relying party or if you prefer .... appended certificates,
compressed to zero bytes ... significantly reducing the problem of revoking
information carried in the zero byte certificate.
http://www.garlic.com/~lynn/ansiepay.htm#aadsnwi2
http://lists.commerce.net/archives/ansi-epay/199910/msg00006.html
in general
http://www.garlic.com/~lynn/
random other
http://weever.vic.cmis.csiro.au/~smart/tpki.html
Paul Crowley <paul@cluefactory.org.uk> on 11/23/2000 03:15:52 PM
To: Lynn Wheeler/CA/FDMS/FDC@FDC
cc: Mark Scherling <mscherling@xcert.com>, Bram Cohen <bram@gawth.com>,
"Arnold G. Reinhold" <reinhold@world.std.com>, Ben Laurie
<ben@algroup.co.uk>, obfuscation@beta.freedom.net, cryptography@c2.net,
cypherpunks@cyberpass.net, dcsb@ai.mit.edu
Subject: Re: Public Key Infrastructure: An Artifact...
Lynn.Wheeler@firstdata.com writes:
> The other solution is to go online and do real-time checks ... but
> doing real-time checks invalidates basic design decision trade-offs
> associated with choosing a R/O partial replicated distributed data
> implementation in the first place.
Have you looked at the design of SPKI CRLs? I think there are
possibilities in there that address the difficulties you raise.
--
__
\/ o\ paul@cluefactory.org.uk
/\__/ http://www.cluefactory.org.uk/paul/
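The "register a public key with the relying party" design argued for above, worked as an added example (my code, not Lynn Wheeler's, not from the SPKI RFCs, and not from any of the linked pages): the relying party keeps the account holder's public key in its own account record, verifies a signature over each transaction against the key on file, and revokes by deleting the record. Because the relying party is online and authoritative for the binding, there is no certificate to issue and no CRL to distribute; the next check after revocation simply fails. The account id, the message text and the RelyingParty type are constructed for the example; ed25519 from the Go standard library stands in for whatever signature scheme a real deployment would use.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// RelyingParty holds the binding account -> public key in its own records.
// This is the "zero byte certificate": the binding is data the relying party
// already owns, so nothing has to be signed by a third party or published.
type RelyingParty struct {
	keys map[string]ed25519.PublicKey
}

func NewRelyingParty() *RelyingParty {
	return &RelyingParty{keys: make(map[string]ed25519.PublicKey)}
}

// Register binds a public key to an account at enrolment time.
func (rp *RelyingParty) Register(account string, pub ed25519.PublicKey) {
	rp.keys[account] = pub
}

// Revoke removes the binding. The relying party is the single source of
// truth, so the revocation is effective on the very next Verify call.
func (rp *RelyingParty) Revoke(account string) {
	delete(rp.keys, account)
}

// Verify checks a signature over a transaction against the key on file.
// It returns nil on success and an error describing why the check failed.
func (rp *RelyingParty) Verify(account string, msg, sig []byte) error {
	pub, ok := rp.keys[account]
	if !ok {
		return errors.New("no public key registered for account")
	}
	if !ed25519.Verify(pub, msg, sig) {
		return errors.New("signature does not verify against key on file")
	}
	return nil
}

// Sign is the account holder's side: sign the transaction with the private
// key whose public half was registered.
func Sign(priv ed25519.PrivateKey, msg []byte) []byte {
	return ed25519.Sign(priv, msg)
}

// Demo walks through enrol -> transact -> revoke -> transact again and
// returns the outcome of the two verifications so they can be checked.
func Demo() (beforeRevoke, afterRevoke error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	rp := NewRelyingParty()
	rp.Register("acct-42", pub) // constructed account id

	// Constructed transaction; a nonce or counter prevents replay of the signature.
	msg := []byte("transfer 100 to acct-7; nonce=0001")
	sig := Sign(priv, msg)

	beforeRevoke = rp.Verify("acct-42", msg, sig) // key on file: succeeds
	rp.Revoke("acct-42")                          // no CRL, just drop the record
	afterRevoke = rp.Verify("acct-42", msg, sig)  // same signature now rejected
	return beforeRevoke, afterRevoke
}

func main() {
	before, after := Demo()
	fmt.Println("before revocation:", before)
	fmt.Println("after revocation: ", after)
}
```

The contrast with the offline model is that a CA-signed certificate remains cryptographically valid after the key is compromised until every verifier fetches a CRL or asks an online responder; here the relying party consults only its own record, so the "patch" the post complains about is never needed.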