Who's afraid of Mallory Wolf?
Ben Laurie
ben at algroup.co.uk
Tue Mar 25 16:35:53 EST 2003
Ed Gerck wrote:
>
> Ben Laurie wrote:
>
>
>>Ed Gerck wrote:
>>
>>>;-) If anyone comes across a way to explain it, that does not require study,
>>>please let me know and I'll post it.
>>
>>AFAICS, what it suggests, in a very roundabout way, is that you may be
>>able to verify the binding between a key and some kind of DN by being
>>given a list of signatures attesting to that binding. This is pretty
>>much PGP's Web of Trust, of course. I could be wrong, I only read it
>>quickly.
>
>
> This would still depend on what the paper calls "extrinsic references",
> that are outside the dialogue and create opportunity for faults (intentional
> or otherwise). The resulting problems for PGP are summarized in
> www.mcg.org.br/cert.htm#1.2.
It seems to me that the difference between PGP's WoT and what you are
suggesting is that the entity which is attempting to prove the linkage
between their DN and a private key is that they get to choose which
signatures the relying party should refer to.
Am I wrong?
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list