Certificates turn 30, X.509 turns 20, no-one notices

Anne & Lynn Wheeler lynn at garlic.com
Thu Nov 27 11:18:18 EST 2008


On 11/27/08 05:13, Nicholas Bohm wrote:
> I've never been quite sure whether "Public" qualifies "Key" or
> "Infrastructure" - this may make a difference to what you count as a PKI.
>
> SWIFT (interbank messaging), BOLERO (bills of lading) and CREST (dealing
> in dematerialised stocks and shares) all use public key cryptography, I
> believe, and have all been reasonably successful; but they are all
> closed systems where each of the participants believes that it and the
> others can stand the risk of contractually-imposed non-repudiation rules
> (or they used to believe it, anyway).
>
> But what these examples illustrate, by the lack of "open" comparables,
> is the very limited utility of the technology.

in the past capitalization referred to CAs making the rounds of
wallstreet with $20B/annum business case (i.e. approx. $100/annum per
adult in the US).

The lower case "public key" met that an entity could make
their public key available ... as countermeasure to the shortcomings
of shared-secret (password/PIN) paradigm ... where a unique shared-secret
was required for every unique security domain (the current scenario where
scores or hundreds of unique shared-secrets have to be managed).

going from lower-case ... where an entity could share the same
public key with large number of different entities, to upper-case,
was the scenario justifying the $20B/annum business case.

sometimes the issue isn't whether the public key is open/closed ... the
issue is whether the business liability is between the parties
involved ... or should random, unrelated participants also get
involved in the business processes.

there have been some attempts at obfuscation ... attempting
to confuse the boundaries between the authentication technology
and the parties involved in business processes liability

i was at annual acm sigmod (aka database) conference in 91 (92?)
and during one of the sessions, somebody asked a question regarding
what was all this X.5xx stuff going on ... and the reply was that
a bunch of networking engineers were trying to re-invent 1960s
database technology.

-- 
40+yrs virtualization experience (since Jan68), online at home since Mar70

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list