Is cryptography where security took the wrong branch?

Anne & Lynn Wheeler lynn at garlic.com
Sun Sep 7 19:19:24 EDT 2003


At 12:30 PM 9/7/2003 -0700, James A. Donald wrote:
>To the extent that trust information is centrally handled, as
>it is handled by browsers, it will tend to be applied in ways
>that benefit the state and the central authority.  Observe for
>example that today all individual certificates must be linked
>to one's true name and social security number if it is to
>receive default acceptance, and analogously for corporate
>certificates.

in the case of SSL domain name certificate .... for both domain name 
infrastructure and CA/PKI .... it is is a case of authenticating that the 
the web site you think you are talking to is really the web site you are 
talking to. The business issue is that the domain name registration and the 
CA/PKI are disjoint business operations and the domain name registration 
didn't provide for a really good authentication mechanism. As a result when 
getting a certificate request, the CA/PKI has to check with the domain name 
infrastructure .... map their information out to an external world 
identification, and then map the entity making the certificate request out 
to the same external world identification.

Out of all this, there is somewhat a request from the CA/PKI industry that 
a public key be registered as part of domain name registration (no 
certificate, just a public key registration). Then SSL domain name 
certificate requests coming into a CA/PKI can be digitally signed, the 
CA/PKI can retrieve the authoritative authentication public key (for the 
domain name ownership) from the domain name infrastructure and authenticate 
the request .... eliminating all the identification gorp (and also done w/o 
the use of certificates).

misc. additional recent musings:
http://www.garlic.com/~lynn/2003l.html#60  Proposal for a new PKI model (At 
least I hope it's new)
--
Anne & Lynn Wheeler    http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm
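
The check described in the message above (a bare public key registered with the domain name, and a digitally signed certificate request that the CA verifies against that key), as an added example that is not part of the original post. The `Registry` map, the `CertRequest` layout, the payload encoding and the choice of Ed25519 are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Registry stands in for the domain name infrastructure: domain -> the bare
// public key registered by the domain owner (no certificate). Hypothetical.
type Registry map[string]ed25519.PublicKey

// CertRequest is a constructed, simplified certificate request.
type CertRequest struct {
	Domain    string
	SubjectPK ed25519.PublicKey // key the CA is asked to certify
	Sig       []byte            // made with the domain's registered key
}

// payload binds the domain and the subject key into the signed bytes.
func (r CertRequest) payload() []byte {
	return append([]byte("certreq|"+r.Domain+"|"), r.SubjectPK...)
}

var ErrNoKey = errors.New("no public key registered for domain")
var ErrBadSig = errors.New("request not signed by registered domain key")

// Authenticate is the CA-side check: look up the registered key for the
// requested domain and verify the request signature against it.
func Authenticate(reg Registry, req CertRequest) error {
	pk, ok := reg[req.Domain]
	if !ok {
		return ErrNoKey
	}
	if !ed25519.Verify(pk, req.payload(), req.Sig) {
		return ErrBadSig
	}
	return nil
}

// NewRequest signs a request with the domain owner's private key.
func NewRequest(domain string, owner ed25519.PrivateKey, subject ed25519.PublicKey) CertRequest {
	req := CertRequest{Domain: domain, SubjectPK: subject}
	req.Sig = ed25519.Sign(owner, req.payload())
	return req
}

func main() {
	ownerPK, ownerSK, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	tlsPK, _, _ := ed25519.GenerateKey(nil)
	reg := Registry{"example.com": ownerPK} // constructed sample registration
	fmt.Println("genuine:", Authenticate(reg, NewRequest("example.com", ownerSK, tlsPK)))
}
```

The CA's decision here depends only on the registry lookup and one signature verification; no mapping of either party to an external identity is involved.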
  


---------------------------------------------------------------------
The Cryptography Mailing List