About that "Mighty Fortress"... What's it look like?
Perry E. Metzger
perry at piermont.com
Tue Aug 17 11:53:40 EDT 2010
On Tue, 17 Aug 2010 15:04:00 +0300 Alexander Klimov
<alserkli at inbox.ru> wrote:
> On Sat, 31 Jul 2010, Perry E. Metzger wrote:
> > There is no rational reason at all that someone should "endorse" a
> > key when it is possible to simply do a real time check for
> > authorization. There is no reason to sign a key when you can just
> > check if the key is in a database.
>
> Each real-time check reveals your interest in the check. What about
> privacy implications?
Well, OCSP and such already do online checks in real time, so there is
no difference there between my view of the world and what people claim
should be done for certificates.
The more interesting question is whether the crypto protocols people
can come up with ways of doing online checks for information about
keys that don't reveal information about what is being asked for. That
would help in both the certificate and non-certificate versions of
such checks.
Perry
--
Perry E. Metzger perry at piermont.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list