> Long before the discussion on this list, there were
> already missionaries coming to the ietf-tls list to
> enlighten the heathens who dared to mention PSK and
> remind them of their duty to support PKI in all its
> infinite perfection, and not to take any false gods
> before it.

For PKI to have all these wonderful benefits, everyone
needs his own certificate.  But the masses have not come
to the party, in part because of the rather Orwellian
requirements.  Obviously I cannot get a certificate
testifying that I am the one true James Donald, because
I probably am not.  So I have to get a certificate
saying I am the one true James Donald SS xxx-xx-xxxx -
the number of the beast.

Capitalism 101:  The customer is always right.  The
customer wants to use passwords.  The customer has
decided.  So shall it be.

So we are going to base identity and security on
passwords.  If we are going to supplement the user's
password with a nicely random number stored in his
computer, we should put the random number in his
bookmark, so that the user conceives of it as his
secret web page, rather than his certificate.

         James A. Donald

