307 digit number factored

James A. Donald jamesd at echeque.com
Wed May 23 18:02:11 EDT 2007


Anne & Lynn Wheeler wrote:
 > So one of the proposals (somewhat backed by the domain
 > name certification authority industry) is that domain
 > name owners place a public key on file when they
 > register a domain name with the domain name
 > infrastructure. Then all future communication with the
 > domain name infrastructure can be digitally signed ...
 > and the domain name infrastructure verify the digital
 > signature with the on-file public key.

If the decision was to be made by five engineers sitting
around a coffee table, they would agree on a solution in
a few minutes, and implement it in a week, but a
committee of seventeen people could not agree to adjourn
a meeting held in a burning building.

The problem is organizational.  To get one decision
centrally made and imposed on everyone requires a
central body capable of making decisions and imposing
them on everyone, and before it can get that authority,
that central body usually has to raze Atlanta and burn
the crops, or inflict genocidal famine on the Ukraine.

The great strength and great weakness of the internet is
that it is an anarchy.  Anything that requires one
decision made for all, such as the domain name system,
got frozen when the internet became too large for
decision making by consensus, and is now extremely
difficult to change.

So to make changes, they have to be made incrementally:
You need a CA with the proposed policy and a deal with
several registrars, and that CA needs to get on the
Mozilla and IE list.  Nice selling point.  If you
register with, say, OpenSRS, you would automatically get
an SSL cert. Unfortunately, the certification process
for a CA to get on the browser list seems to be somewhat
circular - to be a CA, you have to prove you are like
existing CAs, which is most easily done if you *are* an
existing CA, and have no intention of changing the way
you work.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


