[Cryptography] Verisimilitrust
Bill Frantz
frantz at pwpconsult.com
Thu Jan 14 22:38:32 EST 2016
On 1/13/16 at 3:32 PM, bear at sonic.net (Ray Dillinger) wrote:
>So, what's the payoff to overcome these limitations? What worthwhile
>applications do we need another public key infrastructure for? What
>is the trust model and how can we avoid the mistakes of setting up a
>business model that doesn't follow it? And what requirements does
>it have beyond or different from the X.509 PKI?

The basic trust model used to implement capabilities in Waterken
and E, to name two systems off the top of my head, is useful.
They use references (à la URLs) which identify the receiver of
the connection (aka server) and a secret which represents a
resource on that server. E has a hash of the public key of the
server and the secret number. I think Waterken is using TLS and
its trust model.

With the public key, or its hash, there is no PKI to speak of.
The trust model is that you trust the place you got the URL,
which includes the ones you generate yourself. Since you have
assurance you are contacting the same place over and over, you
can develop trust based on behavior.

I think modern versions of TLS can be made to use a similar
method of trusting the other end, although it is much less
commonly used than it should be.

Cheers - Bill
-------------------------------------------------------------------------
Bill Frantz        | The first thing you need when  | Periwinkle
(408)356-8506      | using a perimeter defense is a | 16345 Englewood Ave
www.pwpconsult.com | perimeter.                     | Los Gatos, CA 95032
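
The kind of reference described in the message above (a hash of the server's public key plus a secret naming a resource), sketched as an added example that is not part of the original post and is not the actual format used by E or Waterken. The `cap-example` scheme, the function names and the sample keys are assumptions made for illustration; the presented key is assumed to be one the peer has already proven possession of during the connection handshake.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SCHEME = "cap-example"  # hypothetical scheme, chosen for this example only


def key_fingerprint(public_key: bytes) -> str:
    """SHA-256 of the encoded public key, base32 so it fits in a URL."""
    digest = hashlib.sha256(public_key).digest()
    return base64.b32encode(digest).decode("ascii").rstrip("=").lower()


def make_reference(host: str, public_key: bytes, secret: str = "") -> str:
    """Build a reference: the key hash names the server, the secret the resource."""
    secret = secret or secrets.token_urlsafe(32)  # unguessable by default
    return f"{SCHEME}://{key_fingerprint(public_key)}@{host}/{secret}"


def parse_reference(ref: str) -> tuple[str, str, str]:
    """Split a reference into (expected key fingerprint, host, secret)."""
    parts = urlsplit(ref)
    secret = parts.path.lstrip("/")
    if parts.scheme != SCHEME or not parts.username or not parts.hostname or not secret:
        raise ValueError("malformed capability reference")
    return parts.username, parts.hostname, secret


def secret_for_verified_peer(ref: str, presented_key: bytes) -> str:
    """Release the secret only if the peer's key matches the hash in the reference.

    No CA is consulted: the reference itself says which key to expect, so
    trust rests on where the reference came from.
    """
    expected, _host, secret = parse_reference(ref)
    if not hmac.compare_digest(expected, key_fingerprint(presented_key)):
        raise PermissionError("peer key does not match reference; secret withheld")
    return secret


if __name__ == "__main__":
    server_key = b"constructed-public-key-bytes-A"  # constructed sample, not a real key
    ref = make_reference("server.example:8443", server_key)
    print(ref)
    print("secret released:", secret_for_verified_peer(ref, server_key) != "")
```
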