[606] in WWW Security List Archive


Re: Netscape Changes RSA tree

daemon@ATHENA.MIT.EDU (Ron Daniel Jr.)
Fri Apr 21 14:14:40 1995

From: "Ron Daniel Jr." <rdaniel@acl.lanl.gov>
Date: Fri, 21 Apr 1995 08:59:15 -0600
In-Reply-To: cwilson@spry.com
        "Re: Netscape Changes RSA tree" (Apr 20,  8:28am)
reply-to: rdaniel@lanl.gov
To: cwilson@spry.com
Cc: www-security@ns1.rutgers.edu, lkn@llnl.gov
Errors-To: owner-www-security@ns2.rutgers.edu

Thus spoke cwilson@spry.com:   (at least on Apr 20 at  8:28am)

> The need for a "universally trusted" root exists, and the possibility of 
> that being government-based gives me the willies.  I can't think of any party 
> that could be said to be completely disinterested. 

Your last sentence is the crucial one. I seriously doubt that any
universally trusted entity will ever exist, and I certainly don't see
one arising in the timescales that concern us for Internet standards.
You are absolutely correct (IMHO) to fear a government-based
certification system for your corporate or personal use. Compromise is
only a court-order away. For my employer's role as a lab dealing with
classified information, I think we have equally legitimate fears about
commercial certification services. (Although they might be fine for
sensitive but unclassified information.)

However, even if we have a government-based system that we Yanks all
trust (Ha!) it is far from universally trusted. Do you think North Korea
will trust a system run by the US Govt.? Vice versa? Do you think the US
Congress would buy off on a certification scheme run by the UN? We don't
even place our soldiers under the command of foreign generals in UN
operations.

I suggest that we are best off forgetting about universal trust and
focusing our efforts on the architecture for an inter-realm authentication
mechanism. Then, depending on where a certificate comes from, we can decide
how much faith to place in it.


-- 
Ron Daniel Jr.                     email: rdaniel@lanl.gov    
Advanced Computing Lab             voice: (505) 665 0597
MS B287                              fax: (505) 665 4939
Los Alamos National Laboratory      http://www.acl.lanl.gov/~rdaniel/
Los Alamos, NM  87545          tautology:"Conformity is very popular"
