A mighty fortress is our PKI, Part II
Ben Laurie
benl at google.com
Wed Jul 28 10:16:32 EDT 2010
[Moderator's note: due to a bug in the moderation software, this was
sent out twice with Ben's response cut off in the middle. My
apologies. --Perry]
On 28 July 2010 15:05, Perry E. Metzger <perry at piermont.com> wrote:
> On Wed, 28 Jul 2010 14:38:53 +0100 Ben Laurie <ben at links.org> wrote:
>> On 28/07/2010 14:05, Perry E. Metzger wrote:
>> > It is not always the case that a dead technology has failed
>> > because of infeasibility or inapplicability. I'd say that a
>> > number of fine technologies have failed for other reasons.
>> > However, at some point, it becomes incumbent upon the proponents
>> > of a failed technology to either demonstrate that it can be made
>> > to work in a clear and convincing way, or to abandon it even if,
>> > on some level, they are certain that it could be made to work if
>> > only someone would do it.
>>
>> To be clear, I am not a proponent of PKI as we know it, and
>> certainly the current use of PKI to sign software has never
>> delivered any actual value, and still wouldn't if revocation worked
>> perfectly.
>>
>> However, using private keys to prove that you are (probably) dealing
>> with the same entity as yesterday seems like a useful thing to do.
>
> I agree with that fully.
>
>> And still needs revocation.
>
> Does it?
>
> I will point out that many security systems, like Kerberos, DNSSEC and
> SSH, appear to get along with no conventional notion of revocation at all
Maybe it doesn't, but no revocation mechanism at all makes me nervous.
I don't know Kerberos well enough to comment.
DNSSEC doesn't have revocation but replaces it with very short
signature lifetimes (i.e. you don't revoke, you time out).
SSH does appear to have got away without revocation, though the nature
of the system is s.t. if I really wanted to revoke I could almost
always contact the users and tell them in person. This doesn't scale
very well to SSL-style systems.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list