On Thursday 14 July 2005 15:45, Aram Perez wrote:
> <RANT-PET_PEEVE>Why do cryptography folks equate PKI with
> certificates and CAs?

Because it's the major example of what most would agree is PKI, I'd guess. When we talked to people in the certs and CAs world, they call it PKI. They refer to lots of documents, which call it the PKI. The business model of PKI vendors used to at least be partly based on selling certs. It's an assumption they make or made. (John Kelsey answered this very well.)

> This fallacy is a major "root cause" of the
> problem IHO. Why was the term "PKI" invented in the late 70s/early
> 80s (Kohnfelder's thesis?)?. Before the invention of asymmetric
> cryptography, didn't those people who used symmetric cryptography
> need an SKI (secret key infrastructure) to manage keys? But no one
> uses the term SKI or talks about how to manage secret keys (a very
> hard problem).

Exactly.

> Anytime you use any type of cryptography, you need an
> "infrastructure" (<http://en.wikipedia.org/wiki/Infrastructure>) to
> manage your keys, whether secret or public. There are at least two
> public key infrastructures that do NOT require CAs: PGP and SPKI. But

There is a sort of doublethink here - when people look down their nose at PKI from the PGP side, the PKI side is sometimes at pains to say that PGP's WoT is a PKI. Yet when the converse happens and PGP pundits suggest using WoT with (e.g.,) x.509 certs, the PKI people say "WoT is not PKI."

Personally, I call "what PGP does" a Web of Trust. And I call what browsers do a PKI. The fact that there is "trust" in PKI and there is "infrastructure" in WoT is an issue, yes, but we have to have some sense of differentiation; and those terms are what the people in those fields tend to be comfortable with.

iang
--
Advances in Financial Cryptography, Issue 2:
https://www.financialcryptography.com/mt/archives/000498.html
Mark Stiegler, An Introduction to Petname Systems
Nick Szabo, Scarce Objects
Ian Grigg, Triple Entry Accounting
