Keyservers and Spam

Anne & Lynn Wheeler lynn at garlic.com
Wed Jun 11 15:00:31 EDT 2003


At 10:27 AM 6/11/2003 -0700, bear wrote:
>I don't particularly like the commercial certs, but the thousand
>bucks or so ought to serve as a "bond", in that if people untrust
>the keys, there is real value that will be lost.  That makes it
>require some expenditure of resources to grab a new nym.  However,
>even when provoked - even when root certs have been **SOLD** -
>people still don't untrust them, because the news of the compromise
>doesn't propagate around triggering revokes on individual systems.

i've been told one of the things that form the basis of contract/obligation is 
providing something in return for consideration. the certificate is sold to 
key owner, to the extent there is some obligation it is between the 
certificate issuer and the owner of the key.

there tends to not be any relationship between the relying party and the 
certification authority. i believe the federal gov. got around this by 
having GSA(?) be the certification authority .... with the certificate 
manufacturers/issuers performing as agents of GSA .... and all the possible 
relying parties had some sort of contract with GSA.

That of course is a little awkward in the case of domain name server 
certificates .... having all the consumer relying parties in the world sign 
contracts with the major certificate vendors .... so it would establish 
some sort of obligation for relying on a certificate.
--
Anne & Lynn Wheeler    http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm
  


---------------------------------------------------------------------
The Cryptography Mailing List