David Mercer wrote:

> Holy water indeed! As at least someone on this list doesn't seem to
> see that there is a 'too many true names' problem, here are some
> examples from the ssl sites I use (almost) daily. Second level
> domains changed to protect the guilty (and URLs chopped for safety):
part of the issue is that the certification authority trust model is attempting to equate internet routing names with business entity names .... something that they were never designed to do. it isn't so much that there are too many names ... but that business name operation and internet routing names were never designed to be used as the same thing (even for business operation names ... in the same jurisdiction, you may have a business organization with three different names ... where what is on the store front ... is different than what is registered at the state business agency).

another part of the issue might be considered that effectively the digital certificate paradigm (designed for offline operation in lieu of the relying party having any other resources) comes down to the individual having to repeat the whole trust sequence on every cycle ... each operation resends the same certificate, requiring that all the operations have to be repeated. this is in turn predicated on the assumption that the user has no resources for online, real-time information and no local trusted memory (other than the local trusted public key repository, where there are attempts to reserve it for certification authority use only).

the problem here is that it is long known that you run into trouble if you force the end-user to repeat the same operations over, and over, and over again ... until they become meaningless. in conjunction ... digital certificate operations (at least those exposed to the end-user) have been forced to be more & more hidden and more & more trivial.

more consistent with long recognized human factors is to have the end-user perform some sequence of recognizable trust operations once per site ... and then save the results of those operations for future use (like validating a public key and saving it in their local trusted public key repository) ... rather than forcing that ALL the trust operations have to be repeated on every interaction (which in turn forces what trust operations are performed to be more and more trivial as the repetition becomes more & more meaningless to the end-user).
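The "validate once per site, then reuse the saved result" pattern the post argues for can be shown in a few dozen lines. The following is an added example, not code from the post or from anything it cites: a local trusted public key repository keyed by site name, where the expensive trust sequence (whatever the user chooses: a chain check, an out-of-band fingerprint comparison) runs only on first contact, and later visits just compare the presented key's fingerprint against the saved pin. The site names, the `connect` flow, the `TrustedKeyStore` class and the byte strings standing in for public keys are all constructed for the example.

```python
"""Added example (not from the mailing list post): a per-site trusted
public key repository in the style the post describes.  All keys below
are constructed byte strings standing in for real DER public keys."""
import hashlib
import hmac
import json
from pathlib import Path
from typing import Callable, Dict, Optional


def fingerprint(public_key: bytes) -> str:
    """Hex SHA-256 fingerprint of a public key; this is what gets stored."""
    return hashlib.sha256(public_key).hexdigest()


class TrustedKeyStore:
    """Local repository of site -> pinned key fingerprint.

    The expensive trust sequence (chain validation, out-of-band check)
    happens once, when a site is pinned; later visits only compare
    fingerprints, in constant time, against the saved value.
    """

    def __init__(self, path: Optional[Path] = None) -> None:
        self.path = path
        self._pins: Dict[str, str] = {}
        if path is not None and path.exists():
            self._pins = json.loads(path.read_text())

    def status(self, site: str, public_key: bytes) -> str:
        """'unknown' on first contact, 'trusted' if the key matches the
        pin, 'mismatch' if the site now presents a different key."""
        pinned = self._pins.get(site)
        if pinned is None:
            return "unknown"
        if hmac.compare_digest(pinned, fingerprint(public_key)):
            return "trusted"
        return "mismatch"

    def pin(self, site: str, public_key: bytes) -> None:
        """Record the result of a trust sequence that already succeeded."""
        self._pins[site] = fingerprint(public_key)
        if self.path is not None:
            self.path.write_text(json.dumps(self._pins, indent=2))


# A validator is whatever one-time trust check the user chooses: a CA chain
# check, a fingerprint read off a paper invoice, a phone call to the site.
Validator = Callable[[str, bytes], bool]


def connect(site: str, presented_key: bytes, store: TrustedKeyStore,
            validate_once: Validator) -> str:
    """Decide whether to talk to `site`, running the trust sequence only
    when the site is not yet in the local repository."""
    state = store.status(site, presented_key)
    if state == "trusted":
        return "connected-pinned"             # no trust ceremony repeated
    if state == "mismatch":
        # The saved pin disagrees with the key now presented: refuse and
        # leave the pin untouched so the user can investigate the change.
        return "refused-key-mismatch"
    if validate_once(site, presented_key):    # first contact: do the work once
        store.pin(site, presented_key)
        return "connected-after-validation"
    return "refused-validation-failed"        # nothing is pinned on failure


if __name__ == "__main__":
    store = TrustedKeyStore()                 # in-memory; pass a Path to persist
    key_a = b"constructed-public-key-A"       # stand-in for a DER public key
    key_b = b"constructed-public-key-B"       # a different key for the same site
    runs = []

    def demo_validator(site: str, key: bytes) -> bool:
        runs.append(site)                     # count how often the ceremony runs
        return True

    print(connect("shop.example", key_a, store, demo_validator))  # connected-after-validation
    print(connect("shop.example", key_a, store, demo_validator))  # connected-pinned
    print(connect("shop.example", key_b, store, demo_validator))  # refused-key-mismatch
    print("validator runs:", len(runs))                           # 1
```

The point of the `mismatch` branch is the one the post's "local trusted memory" gives you and a fresh-certificate-every-time model does not: once a pin exists, a changed key is a visible event rather than something re-evaluated from scratch and silently accepted. Passing a `Path` to `TrustedKeyStore` makes the pins survive across sessions, which is what turns a one-time check into reusable trust.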