[Cryptography] lessons learned -- or not learned -- from Enigma et cetera
iang at iang.org
Thu Jan 8 17:48:59 EST 2015
On 8/01/2015 07:47 am, John Denker wrote:
> Furthermore, not every
> screw-up is subversion or treason. The root-CA situation
> is an example. I would call it a plain old lousy design,
> except that I don't think it was designed at all. It was

I think history is fairly clear on that point: It definitely wasn't
designed, in any sense that we understand the word.

Netscape assumed one CA -- themselves. RSA or their proxies argued this
was a terrible state of affairs, and rushed forth to create Verisign.

If Netscape was convinced to not be "the root" then of course we can't
have just one company being the CA. Which means it became an open
market. But, that all happened without a thought or plan or intent.

And, from what I've seen of PKI literature, there was no thought at the
time of an open market of CAs. PKI was envisaged as a pure single
hierarchy (and had to be because original PKI made deep and meaningful
assumptions about contracts that would be rather upset by peer CAs).

Having said all that, I did not see these developments first hand, and
would love to be corrected!