ID "theft" -- so what?

[James A. Donald]

   --
Aram Perez
> There are at least two public key infrastructures that 
> do NOT require CAs: PGP and SPKI.

SPKI seems to me committees pondering what they might do 
with public keys, rather than an infrastructure.

> But like in so many real life cases, the best 
> technology does not always win and we are stuck with 
> the system that garnered the most business/ economic 
> support

In real life the best technology usually does win.  CA 
based PKI has lasted so long because it has not come 
under real world attack by real world adversaries until 
recently.  Hypothetical problems have only recently 
become real, as at last people have come to base the 
movement of valuable goods on promises exchanged over 
the internet.

A problem with the dot com boom, with all booms, was 
premature investment, leading to malinvestment. Existent 
PKI is one more piece of malinvestment, one more boom 
hangover.   Such hangovers can last a long time - After 
eighty years we are still getting out from under the 
excessively vertical integration of car assembly lines 
established in the nineteen twenties, but since the 
physical obstacles to change are much less in this case, 
this hangover will not last nearly so long.


    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     Fa1OKlHyGdiwEhSvi7sXvTo92wIBZ573qPLTCeLo
     4TtZu3a5eWXjqK4Ol9jEIvUqnJ22YwURQUJdaf5xF



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com