browser vendors and CAs agreeing on high-assurance certificates

[Anne & Lynn Wheeler]

David Mercer wrote:
> Holy water indeed!  As at least someone on this list doesn't seem to
> see that there is a 'too many true names' problem, here are some
> examples from the ssl sites I use (almost) daily.  Second level
> domains changed to protect the guilty (and url's chopped for safety):

part of the issue is that certification authority trust model is
attempting to equate internet routing names with business entity names
.... something that they were never designed to do. it isn't so much
that there are too many names ... but that business name operation and
internet routing names were never designed to be used as the same thing
(even for business operation names ... in the same jurisdiction, you may
have a business organization with three different names ... where what
is on the store front ... is different than what is registered at state
business agency).

another part of the issue might be considered that effectively digital
certificate paradigm (designed for offline operation in lieu of the
replaying party having any other resources) comes down to the individual
having to repeat the whole trust sequence on every cycle ... each
operation resends the same certificate requiring that all the operations
have to be repeated. this is in-turn predicated on the assumption that
the user has no resources for online, real-time information and no local
trusted memory (other than the local trusted public key repository where
there are attempts to reserve for certification authority use only). the
problem here is that it is long known that you run into trouble if you
force the end-user to repeat the same operations over, and over, and
over again ... until they become meaningless. in conjunction ... digital
certificate operations (at least exposed to the end-user) have been
forced to be more & more hidden and more & more trivial. more consistent
with long recognized human factors is to have the end-user perform some
sequence of recognizable trust operations once per site ... and then
save the results of those operations for future use (like validating a
public key and saving it in their local trusted public key repository)
... rather than forcing that ALL the trust operations have to be
repeated on every interaction (which in-turn, forces what trust
operations are performed to be more and more trivial as the repitition
becomes more & more meaningless to the end-user).

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com