PKI: The terrorists' secret weapon
Anne & Lynn Wheeler
lynn at garlic.com
Wed Mar 14 12:22:35 EDT 2007
Peter Gutmann wrote:
>
> -- Snip --
>
> As Carl Ellison put it, "Plenty of PK, precious little I".
slightly related URL from this morning
Browser Certs Can't Force Adherence
http://www.networkcomputing.com/channels/security/showArticle.jhtml?articleID=198000131
in the past, i've repeatedly asserted that the "I" in PKI filled a need related to
letters of credit/introduction left-over from the offline, sailing ship days.
In on online world, such "I" tends to be redundant and superfluous ... typically representing
an (expensive) duplication of other facilities.
Another way of looking at it is that typically cryptography has represented some aspect
of security ... and frequently the common wisdom is that security is something
that is best when built into the basic core business processes and infrastructure ... rather than
some independent add-on. This possibly has contributed to failure of most attempts to
create large revenue flow for some independent crypto/security feature (which frequently
is a characteristic of PKI deployments).
An example is some early to mid 90s proposed PKI deployments as an electronic driver's
license. The (driver's license) PKI certificate supposedly would be grossly
overloaded with personal information ... creating enormous privacy issues. Reliance on
information in the (PKI electronic) driver's license would be substituted for the growing
use of (online) real-time checks .... along with eliminating any of the information
that was becoming available from real-time checking (outstanding warrants, revocation,
overdue parking tickets, etc). Any claims as to real-time checks still could be done,
further highlighted the PKI part being a significantly expensive redundant and superfluous
operation.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list