Re: Who's afraid of Mallory Wolf?

Ben Laurie
Tue, 25 Mar 2003 09:32:59 -0800

Ed Gerck wrote:

BTW, this is NOT the way to make paying for CA certs go
away. A technically correct way to do away with CA certs
and yet avoid MITM has been demonstrated to *exist*
(not by construction) in 1997, in what was called intrinsic
certification -- please see  www.mcg.org.br/cie.htm


Phew, that is a lot of pages to read (40?). Its also rather though
material for me to digest. Do you have something like an example
approach written up? I couldn't find anything on the site that did not
require study.


;-) If anyone comes across a way to explain it, that does not require study,
please let me know and I'll post it.

AFAICS, what it suggests, in a very roundabout way, is that you may be able to verify the binding between a key and some kind of DN by being given a list of signatures attesting to that binding. This is pretty much PGP's Web of Trust, of course. I could be wrong, I only read it quickly.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to