A mighty fortress is our PKI, Part II

[Perry E. Metzger]

On Wed, 28 Jul 2010 14:38:53 +0100 Ben Laurie <ben at links.org> wrote:
> On 28/07/2010 14:05, Perry E. Metzger wrote:
> > It is not always the case that a dead technology has failed
> > because of infeasibility or inapplicability. I'd say that a
> > number of fine technologies have failed for other reasons.
> > However, at some point, it becomes incumbent upon the proponents
> > of a failed technology to either demonstrate that it can be made
> > to work in a clear and convincing way, or to abandon it even if,
> > on some level, they are certain that it could be made to work if
> > only someone would do it.
> 
> To be clear, I am not a proponent of PKI as we know it, and
> certainly the current use of PKI to sign software has never
> delivered any actual value, and still wouldn't if revocation worked
> perfectly.
> 
> However, using private keys to prove that you are (probably) dealing
> with the same entity as yesterday seems like a useful thing to do.

I agree with that fully.

> And still needs revocation.

Does it?

I will point out that many security systems, like Kerberos, DNSSEC and
SSH, appear to get along with no conventional notion of revocation at all.

> Is there a good replacement for pk for this purpose?

I think public key cryptography is a wonderful thing. I'm just not
sure I believe at all in PKI -- that is, persistent certification via
certificates, certificate revocation, etc.

PKI was invented by Loren Kohnfelder for his bachelor's degree thesis
at MIT. It was certainly a fine undergraduate paper, but I think we
should forget about it, the way we forget about most undergraduate
papers.

Perry
-- 
Perry E. Metzger		perry at piermont.com

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com