The real problem that https has conspicuously failed to fix
James A. Donald
jamesd at echeque.com
Wed Jun 11 23:20:04 EDT 2003
--
On 10 Jun 2003 at 21:33, Anne & Lynn Wheeler wrote:
> certificates were originated to address a specific issue with
> key distribution and trust involving parties that 1) had no
> prior business relation, 2) were unlikely to have any future
> business relationship, and 3) didn't have online access to
> trusted 3rd party. however, it is actually much more natural
> in a standard business process setting that public key is
> registered in lieu of shared-secret authentication material
> when parties are involved that have established business
> relationship (aka for example a person with some sort of an
> account, especially in any sort of online paradigm). A
> trivial example is certificateless operation with
> public/private keys for radius, kerberos pk-init or x9.59
> standard for all retail payment transactions (internet,
> non-internet, point-of-sale, debit, credit, ach,
> stored-value, etc).
I think you have put your finger right on the problem.
Certificates, https, and the entire PKI structure were designed
for an accountless world, but the problem is accounts.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
DxVY4Z01oFU7xvn07JDMoJBGMxVLt61s4VcQTMLB
4v46MbB1PtOjOaOcNvexHiyB1LzfD0RJ+CIPtD7RD
---------------------------------------------------------------------
The Cryptography Mailing List