[118660] in Cypherpunks
Re: Radicchio PKI standards group for mobile phones
daemon@ATHENA.MIT.EDU (Damien Miller)
Tue Oct 5 02:18:08 1999
Date: Tue, 5 Oct 1999 15:48:37 +1000 (EST)
From: Damien Miller <dmiller@ilogic.com.au>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: cypherpunks@toad.com
In-Reply-To: <93904966011319@cs26.cs.auckland.ac.nz>
Message-ID: <Pine.LNX.4.10.9910051514430.4501-200000@mothra.ilogic.com.au>
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="617308614-1524603189-939102517=:4501"
Reply-To: Damien Miller <dmiller@ilogic.com.au>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, 5 Oct 1999, Peter Gutmann wrote:
> Damien Miller <dmiller@ilogic.com.au> writes:
>
> >On Thu, 30 Sep 1999, John Gilmore wrote:
> >>Well, except the part about the Certifying Authority "generating key
> >>pairs" and then handing over the supposedly-private key to the individual
> >>along with the signed public key.
> >
> >Australia Post's failed KeyPOST CA did this too.
>
> When did they fail? Their web page is still up, are they just plodding along
> like the traditional government bureaucracy project, or have they been
> declared officially dead?

They were killed because "the service has not met expectations and
its growth and take up rate have been less than what we expected."

I have attached a statement from KeyPOST which was posted to the
Link online policy mailing list (link@www.anu.edu.au) earlier this
year.

Based on this statement and a browse of their website, it does seem
that KeyPOST has reduced its operations to authenticating users on
behalf of another CA.

> >I suspect part of the reason for their failure was avoidance by
> >clued-in users.
>
> I think it was more a "solution in search of a problem" issue - once
> you've paid your annual tithe to Verisign or Thawte for a "make
> the warning dialogs on the user's browser go away" server cert,
> what further use is a CA to the average person? I know what the
> theoretical use is, but what real, practical use does it currently
> have which is sufficient that users will pay for it?

True enough, but I think that .au is still a large enough market
for a CA to survive from the server tithe alone. Alas, KeyPOST never
made it to the Netscape trusted CA list :)

IMO this was a good thing considering their key generation policy.

> Peter (who only last week talked to someone from an organisation
> similar to Australia Post which wanted to set up a CA. They had no
> idea what they were going to do with it[0], but apparently it's
> fashionable to run a CA if you're a large organisation. Maybe it's
> some variation of the Dilbert "If I wear my hair in a ponytail I
> become cool" principle).
>
> [0] I mean they had literally no idea what use their CA was going to
> be, every time I asked I got diverted into visions of smart cards
> and S/MIME and authentication and $buzzword1 $buzzword2 $buzzword3.

Organisational CAs would be an order of magnitude more useful in a
half-decent PKAF, not the multi-rooted, expensive and inconsistent
mess we have at the moment.

Damien
(who is setting up an organisational CA right now, purely for
website authentication -- sorry no smart cards or S/MIME)

- --
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm@mindrot.org (home) -or- djm@ibs.com.au (work)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE3+ZE5ormJ9RG1dI8RAq+8AJkBlT3Lz83mDOeC8AVheXY3E79AVQCcDHjU
U/yCeh6lkkAzlu4cCfOrMIE=
=oabt
-----END PGP SIGNATURE-----