ID "theft" -- so what?

Ian Grigg iang at systemics.com
Thu Jul 14 18:21:57 EDT 2005


On Thursday 14 July 2005 15:45, Aram Perez wrote:
> <RANT-PET_PEEVE>Why do cryptography folks equate PKI with  
> certificates and CAs?

Because it's the major example of what most would
agree is PKI, I'd guess.  When we talked to people
in the certs and CAs world, they call it PKI.  They
refer to lots of documents, which call it the PKI.  The
business model of PKI vendors used to at least be
partly based on selling certs.  It's an assumption
they make or made.

(John Kelsey answered this very well.)

> This fallacy is a major "root cause" of the
> problem IHO. Why was the term "PKI" invented in the late 70s/early
> 80s (Kohnfelder's thesis?)? Before the invention of asymmetric
> cryptography, didn't those people who used symmetric cryptography  
> need an SKI (secret key infrastructure) to manage keys? But no one  
> uses the term SKI or talks about how to manage secret keys (a very  
> hard problem).

Exactly.

> Anytime you use any type of cryptography, you need an   
> "infrastructure" (<http://en.wikipedia.org/wiki/Infrastructure>) to  
> manage your keys, whether secret or public. There are at least two  
> public key infrastructures that do NOT require CAs: PGP and SPKI. But


There is a sort of doublethink here - when people
look down their nose at PKI from the PGP side,
the PKI side is sometimes at pains to say that PGP's
WoT is a PKI.  Yet when the converse happens
and PGP pundits suggest using WoT with (e.g.,)
X.509 certs, the PKI people say "WoT is not PKI."

Personally, I call "what PGP does" a Web of Trust.
And I call what browsers do a PKI.  The fact that
there is "trust" in PKI and there is "infrastructure"
in WoT is an issue, yes, but we have to have some
sense of differentiation;  and those terms are what
the people in those fields tend to be comfortable
with.

iang
-- 
Advances in Financial Cryptography, Issue 2:
   https://www.financialcryptography.com/mt/archives/000498.html
Marc Stiegler, An Introduction to Petname Systems
Nick Szabo, Scarce Objects
Ian Grigg, Triple Entry Accounting

---------------------------------------------------------------------
The Cryptography Mailing List