A mighty fortress is our PKI, Part II
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Wed Jul 28 08:18:24 EDT 2010
Ben Laurie <ben at links.org> writes:
>I find your response strange. You ask how we might fix the problems, then you
>respond that since the world doesn't work that way right now, the fixes won't
>work. Is this just an exercise in one-upmanship? You know more ways the world
>is broken than I do?
It's not just that the world doesn't work that way now, it's quite likely that
it'll never work that way (for the case of PKI/revocations mentioned in the
message, not the original SNI). We've been waiting for between 20 and 30
years (depending on what you define as the start date) for PKI to start
working, and your reponse seems to indicate that we should wait even harder.
If I look at the mechanisms we've got now, I can identify that commercial PKI
isn't helping, and revocations aren't helping, and work around that. I'm
after effective practical solutions, not just "a solution exists, QED"
solutions.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list