That would be one way to do it.  But I think he was thinking of a more centralized approach.

IIRC, there are centralized and decentralized models.  PGP uses a decentralized model, where people who know each other sign each other's PGP keys.  For example, if you and I sign each other's keys, then I can vouch for you being who your key says you are, and vice versa.  This model scales very well, since it has been calculated that within a 'span of five', one can reach almost everyone on the planet.  You know me with a span of one (from you to me), and you know my parents with a span of two (from you to me, and then to my parents), etc.  This model is very robust against attacks since each link stands by itself.

Centralized models have a central registration server that issues certificates, and are easier to set up, but have a single point of failure, plus the whole network can be compromised with a successful attack on the registration server, which can bring down the entire network of credentials.   Servers can be attacked with computers, or their owners can be attacked physically, by mafia, law enforcement, etc.

Certificate Authorities are favored by governments, whereas decentralized models are favored by egalitarian communities.  Both work, but whom do you trust more: governments or colleagues?

I favor the decentralized approach because it is so much more robust against attacks, and also avoids centralization of power with its grassroots community structure.

On 10/18/05, Tzafrir Cohen <[EMAIL PROTECTED]> wrote:
On Tue, Oct 18, 2005 at 06:48:05PM -0400, Dave Grey wrote:
>
> On Oct 18, 2005, at 4:44 PM, trixter aka Bret McDanel wrote:
> >
> >While I appreciate the problems Matthew is going through, this is a
> >complex issue, and one that has plagued the net for a long time.
> >How do
> >you authenticate random people on the internet as 1. unique and 2. as
> >themselves.
>
> Could x.509 help here?  It is a lot of added overhead, for sure, but
> if someone were to create an asterisk-community CA and implement a
> "web of trust" model... *shrug*.

you mean: send an email message at registration time and require that
the reply is signed by a "respectable" PGP key?

--
Tzafrir Cohen         | [EMAIL PROTECTED] | VIM is
http://tzafrir.org.il |                           | a Mutt's
[EMAIL PROTECTED] |                           |  best
ICQ# 16849755         |                           | friend
_______________________________________________
--Bandwidth and Colocation sponsored by Easynews.com --

Asterisk-Users mailing list
[email protected]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users
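
Added example, not part of the original thread: a simplified sketch of the two models compared above, treating key signatures as a directed graph and asking which keys a verifier can still validate within a "span" of five once one signer's key is revoked. The user names, the `ca` key and the sample graphs are constructed; real PGP validity also weighs owner-trust levels, which this sketch leaves out.

```python
from collections import deque

def trust_path(signatures, verifier, target, max_span=5, revoked=frozenset()):
    """Shortest signature chain verifier -> target within max_span, or None."""
    if verifier in revoked or target in revoked:
        return None
    queue, seen = deque([[verifier]]), {verifier}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        if len(path) - 1 >= max_span:   # chain already uses max_span signatures
            continue
        for signed in sorted(signatures.get(path[-1], ())):
            if signed not in seen and signed not in revoked:
                seen.add(signed)
                queue.append(path + [signed])
    return None

def verifiable(signatures, verifier, keys, revoked=frozenset(), max_span=5):
    """Subset of keys the verifier can still reach through unrevoked signers."""
    return {k for k in keys
            if trust_path(signatures, verifier, k, max_span, revoked)}

# Constructed sample data (hypothetical users): signer -> keys that signer signed.
OTHERS = {"bob", "carol", "dave", "erin"}
WEB = {                       # decentralized: users sign each other's keys
    "alice": {"bob", "carol"},
    "bob": {"alice", "dave"},
    "carol": {"alice", "dave"},
    "dave": {"bob", "carol", "erin"},
    "erin": {"dave"},
}
CA_MODEL = {                  # centralized: alice trusts one CA that signs everyone
    "alice": {"ca"},
    "ca": {"alice"} | OTHERS,
}

if __name__ == "__main__":
    print("web path:", trust_path(WEB, "alice", "erin"))
    print("web, bob revoked:", trust_path(WEB, "alice", "erin", revoked={"bob"}))
    print("CA, ca revoked:", verifiable(CA_MODEL, "alice", OTHERS, revoked={"ca"}))
```
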
