A mighty fortress is our PKI, Part II
Ben Laurie
ben at links.org
Wed Jul 28 09:38:53 EDT 2010
On 28/07/2010 14:05, Perry E. Metzger wrote:
> It is not always the case that a dead technology has failed because of
> infeasibility or inapplicability. I'd say that a number of fine
> technologies have failed for other reasons. However, at some point, it
> becomes incumbent upon the proponents of a failed technology to
> either demonstrate that it can be made to work in a clear and
> convincing way, or to abandon it even if, on some level, they are
> certain that it could be made to work if only someone would do it.
To be clear, I am not a proponent of PKI as we know it, and certainly
the current use of PKI to sign software has never delivered any actual
value, and still wouldn't if revocation worked perfectly.
However, using private keys to prove that you are (probably) dealing
with the same entity as yesterday seems like a useful thing to do. And
still needs revocation.
Is there a good replacement for pk for this purpose?
--
http://www.apache-ssl.org/ben.html http://www.links.org/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list