[Cryptography] lessons learned -- or not learned -- from Enigma et cetera

ianG iang at iang.org
Thu Jan 8 17:48:59 EST 2015

On 8/01/2015 07:47 am, John Denker wrote:
> Furthermore, not every
> screw-up is subversion or treason.  The root-CA situation
> is an example.  I would call it a plain old lousy design,
> except that I don't think it was designed at all.  It was
> hatched.

I think history is fairly clear on that point:  It definitely wasn't 
designed, in any sense that we understand the word.

Netscape assumed one CA -- themselves.  RSA or their proxies argued this 
was terrible state of affairs, and rushed forth to create Verisign.

If Netscape was convinced to not be "the root" then of course we can't 
have just one company being the CA.  Which means it became an open 
market.  But, that all happened without a thought or plan or intent.

And, from what I've seen of PKI literature, there was no thought at the 
time of an open market of CAs.  PKI was envisaged as a pure single 
hierarchy (and had to be because original PKI made deep and meaningful 
assumptions about contracts that would be rather upset by peer CAs).

Having said all that, I did not see these developments first hand, and 
would love to be corrected!


More information about the cryptography mailing list