<http://www.guardian.co.uk/print/0,3858,4759214-103676,00.html>
so ignore for the moment the little indiscretion
http://www.garlic.com/~lynn/2003l.html#44 Proposal for a new PKI model (At least I hope it's new)
http://www.garlic.com/~lynn/2003l.html#50 Proposal for a new PKI model (At least I hope it's new)
and the part of turning a simple authentication problem into a significantly harder and error prone (along with exploits and vulnerabilities ... not to say expensive) problem:
http://www.garlic.com/~lynn/aadsm15.htm#4 Is cryptography where security took the wrong branch?
http://www.garlic.com/~lynn/aadsm15.htm#7 Is cryptography where security took the wrong branch?
http://www.garlic.com/~lynn/aadsm15.htm#11 Resolving an identifier into a meaning
there have been some past discussions of what happens to long term CA private key management over an extended period of time, possibly involving several corporate identities. Checking latest release browsers ... I find two CA certificates for GTE cybertrust ... one issued in 1996 and good for 10 years and another issued in 1998 and good for 20 years.
so let's say as part of some audit ... is it still possible to show that there has been long term, continuous, non-stop, highest security custodial care of the GTE cybertrust CA private keys. If there hasn't ... would anybody even know? ... and is there any institutional memory as to who might be responsible for issuing a revocation for the keys? or responsible for notifying anybody that the certificates no longer need be included in future browsers?
--
Anne & Lynn Wheeler http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm
---------------------------------------------------------------------
The Cryptography Mailing List
