A mighty fortress is our PKI, Part II
Ben Laurie
ben at links.org
Wed Jul 28 08:21:33 EDT 2010
On 28/07/2010 13:18, Peter Gutmann wrote:
> Ben Laurie <ben at links.org> writes:
>
>> I find your response strange. You ask how we might fix the problems, then you
>> respond that since the world doesn't work that way right now, the fixes won't
>> work. Is this just an exercise in one-upmanship? You know more ways the world
>> is broken than I do?
>
> It's not just that the world doesn't work that way now, it's quite likely that
> it'll never work that way (for the case of PKI/revocations mentioned in the
> message, not the original SNI). We've been waiting for between 20 and 30
> years (depending on what you define as the start date) for PKI to start
> working, and your reponse seems to indicate that we should wait even harder.
> If I look at the mechanisms we've got now, I can identify that commercial PKI
> isn't helping, and revocations aren't helping, and work around that. I'm
> after effective practical solutions, not just "a solution exists, QED"
> solutions.
The core problem appears to be a lack of will to fix the problems, not a
lack of feasible technical solutions.
I don't know why it should help that we find different solutions for the
world to ignore?
--
http://www.apache-ssl.org/ben.html http://www.links.org/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list