[Cryptography] The Mesh

Ralf Senderek crypto at senderek.ie
Sat Jul 11 08:38:33 EDT 2015

On Sat, 11 Jul 2015 05:37:18 Phillip Hallam-Baker wrote:

> A private PKI consists of [no] more than a dozen or so Certificate 
> Signing Certs. When I read them into my cert collection, I can
> construct all the cert chains etc. with little difficulty.
> I verify that each cert is valid according to the profile
> requirements etc, and check that it chains to the root of the
> personal PKI.

That raises the question of how the decision to include any particular
Signing Cert is reached. If for a frictionless use case the user
has nothing to do with this decision, how should he gain any trust
in the validity of his own personal PKI?

> In use, the entire system is completely frictionless.

That's your most important selling point.

> The only time a user ever needs to be aware of using encrypted mail
> is when they want to force use of encryption or force use of encryption
> with a key they have a verified fingerprint of.

How did this verification happen? Why is it secure?
Again, I think the scheme does not answer the most important question of
how a user can be sure he's using the correct correspondent's key, if
all decisions regarding the validity of keys are done on his behalf by
"the mesh" and "a tool".

