[Cryptography] The Mesh
Ralf Senderek
crypto at senderek.ie
Sat Jul 11 08:38:33 EDT 2015
On Sat, 11 Jul 2015 05:37:18 Phillip Hallam-Baker wrote:
> A private PKI consists of [no] more than a dozen or so Certificate
> Signing Certs. When I read them into my cert collection, I can
> construct all the cert chains etc. with little difficulty.
> I verify that each cert is valid according to the profile
> requirements etc, and check that it chains to the root of the
> personal PKI.
That raises the question how the decision to include any particular
Signing Cert is reached. If for a frictionless use case the user
has nothing to do with this decision, how should he gain any trust
in the validity of his own personal PKI?
> In use, the entire system is completely frictionless.
That's your most important selling point.
> The only time a user ever needs to be aware of using encrypted mail
> is when they want to force use of encryption or force use of encryption
> with a key they have a verified fingerprint of.
How did this verification happen? Why is it secure?
Again, I think the scheme does not answer the most important question of
how a user can be sure he's using the correct correspondent's key, if
all decisions regarding the validity of keys are done on his behalf by
"the mesh" and "a tool".
--ralf
More information about the cryptography
mailing list