Outsourced Trust (was Re: Difference between TCPA-Hardware and a smart card and something else before

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Dec 24 20:29:39 EST 2003


Anne & Lynn Wheeler <lynn at garlic.com> writes:

>1) x.509 certificates broadcast all over the world attached to every
>transaction were in serious violation of all sorts of privacy issues
>2) certificates were fundamentally designed to address a trust issue in
>offline environments where a modicum of static, stale data was better than
>nothing
>3) offline, certificate oriented static stale processing was a major step
>backward compared to online, timely, dynamic processing.

X.509 certs were designed to solve the problem of authenticating users to the
global X.500 directory.  So they're good at what they were designed for
(solving a problem that doesn't exist [0]), and bad at everything else
(solving any other sort of problem).

Peter.

[0] Actually they're adequate at what they were designed for.  The original
    directory authentication work was really just a bunch of suggestions as to
    how you'd do it, ranging from passwords through to certs, and a lot of the
    cert stuff was more a set of suggestions than any firm guideline.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


