CFP: PKI research workshop

Stef Caunter stefan.caunter at senecac.on.ca
Mon Jan 14 10:55:11 EST 2002


Does a user of SSL services care to know absolutely that they are
communicating verifiably with whom they believe they have contacted, or does
the user care to know absolutely that their communication is completely
private?
I believe that the latter is most important; transparency through
certificate presentation is kept deliberately expensive and is, as has been
noted, often disclaimed by CAs, and is compromisable. It's an artificial
system of site security perpetuated by the interests of commercial browsers.
Why can't self-verification be promoted? Why can't an nslookup call be built
into certificate presentations?
Yeah, I know there's no money in it and certs are one of the few things that
actually make money on the net, but sometimes the built-in dumbing of the
commercial internet user by their browser goes too far.
The pure truth of mathematical encryption is sold and packaged as a
"certificate" to the internet user, when in fact its power and utility are
free of charge, and it is only disclaimed with respect to future or unknown
developments.


Stef Caunter
stefan.caunter at senecac.on.ca
##########################
$ find /self -ctime +1
######################################




---------------------------------------------------------------------
The Cryptography Mailing List