[Cryptography] Replacing CAs (was Re: Why prefer symmetric crypto over public key crypto?)
Perry E. Metzger
perry at piermont.com
Sat Sep 7 20:52:12 EDT 2013
On Sat, 7 Sep 2013 17:46:39 -0400
Derrell Piper <ddp at electric-loft.org> wrote:
> On Sep 6, 2013, at 11:51 PM, Marcus D. Leech <mleech at ripnet.com>
> wrote:
>
> > The other thing that I find to be a "dirty little secret" in PK
> > systems is revocation. OCSP makes things, in some ways, "better"
> > than CRLs, but I still find them to be a kind of "swept under the
> > rug" problem when people are waxing enthusiastic about PK systems.
>
> Well, there are other saddles, as it were. SPKI/SDSI both offer a
> path forward without needing a trusted CA...
I think that in general one doesn't need CAs much. I will point out,
again, a message I sent to the list recently in which I propose that
simple demonstration of long term use and association may be
sufficient for ordinary purposes:
http://www.metzdowd.com/pipermail/cryptography/2013-August/016870.html