The real problem that https has conspicuously failed to fix

Anne & Lynn Wheeler lynn at garlic.com
Thu Jun 12 10:35:03 EDT 2003


At 08:20 PM 6/11/2003 -0700, James A. Donald wrote:
>I think you have put your finger right on the problem.
>Certificates, https, and the entire PKI structure were designed
>for an accountless world, but the problem is accounts.

or slightly more accurately doing authentication for accounts. the other is 
frequently confusing identification with authentication. the internet 
registries (both domain and ip-address) haven't been doing authentication 
... but just some simple identification. there are situations where 
identification may be quite orthogonal to whether or not you are the owner of 
the account in question. also, identification tends to open up the 
whole can of worms around protecting privacy. as periodically stated (in 
reference to x9.59) a thick blanket of encryption protecting privacy 
information is good, the information not being there at all is even better.
--
Anne & Lynn Wheeler    http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm
  

