CFP: PKI research workshop

Nelson Minar nelson at
Wed Dec 26 18:27:43 EST 2001

>HTTPS SSL does not use PKI. SSL at best has this weird system in which
>Verisign has somehow managed to charge web sites a toll for the use of
>SSL even though for the most part the certificates assure the users of
>nothing whatsoever.

To be fair, Verisign *is* a PKI. It's not the one a lot of us
want, but it is in wide usage.

>Of course, client side certificates barely even exist, although
>people made substantial preparation for them early on in the history
>of all of this.

I used to be puzzled by this. Then a couple of years ago I went
through the process of getting a client-side certificate to access my
student records at MIT. MIT is the only place I've ever seen to
require client-side certs for authentication, bless 'em.

It took me 30 minutes to establish a client side certificate, just so
I could view a web page with my own data on it. *thirty minutes*. And
I know a lot about cryptography. How would someone who'd never heard
of a public key do? This was on Netscape 4.0 on Linux. Maybe MSIE
things have improved since then, but I doubt it. (Anyone know?)

>PKI and the Emperor's New Clothes have a bunch in common.

It's very important to look at this truth and think about why. Part of
it is usability: Netscape could have made it easier for me. But a lot
of it is design. PKI is complicated: chains of authority are
complicated to understand, security technology is awkward for naive
users to use properly, and trying to do anything with revocation or
real time properties is a nightmare. 

The thing that makes me the most sad is that the PKI situation only
seems to be getting worse, not better. Now it looks like it's going to
be Passport that cracks the nut of client authentication, not PKI. And
the spoils go to the victor. Three years from now when you're paying a
monopolist a monthly fee for the privilege of verifying your
identity, think hard about why.

                                                     nelson at
.       .      .     .    .   .  . .

The Cryptography Mailing List