Another entry in the internet security hall of shame....

James A. Donald jamesd at echeque.com
Sun Sep 11 00:16:58 EDT 2005


    --
Peter Gutmann
> Long before the discussion on this list, there were
> already missionaries coming to the ietf-tls list to
> enlighten the heathens who dared to mention PSK and
> remind them of their duty to support PKI in all its
> infinite perfection, and not to take any false gods
> before it.

For PKI to have all these wonderful benefits, everyone
needs his own certificate.  But the masses have not come
to the party, in part because of the rather Orwellian
requirements.  Obviously I cannot get a certificate
testifying that I am the one true James Donald, because
I probably am not.  So I have to get a certificate
saying I am the one true James Donald SS xxx-xx-xxxx -
the number of the beast.

Capitalism 101:  The customer is always right.  The
customer wants to use passwords.  The customer has
decided.  So shall it be.

So we are going to base identity and security on
passwords.  If we are going to supplement the user's
password with a nicely random number stored in his
computer, we should put the random number in his
bookmark, so that the user conceives of it as his
secret web page, rather than his certificate.

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     hrytA7Ym/9GHqXZ4CwiYi3aZrSwObH1bY7OKGXtY
     4LcDIdLEhX7k8XcxPbgYmyqtGvkldcTESn1xhERwk



---------------------------------------------------------------------
The Cryptography Mailing List