On 28 July 2010 15:05, Perry E. Metzger <pe...@piermont.com> wrote:
> On Wed, 28 Jul 2010 14:38:53 +0100 Ben Laurie <b...@links.org> wrote:
>> On 28/07/2010 14:05, Perry E. Metzger wrote:
>> > It is not always the case that a dead technology has failed
>> > because of infeasibility or inapplicability. I'd say that a
>> > number of fine technologies have failed for other reasons.
>> > However, at some point, it becomes incumbent upon the proponents
>> > of a failed technology to either demonstrate that it can be made
>> > to work in a clear and convincing way, or to abandon it even if,
>> > on some level, they are certain that it could be made to work if
>> > only someone would do it.
>>
>> To be clear, I am not a proponent of PKI as we know it, and
>> certainly the current use of PKI to sign software has never
>> delivered any actual value, and still wouldn't if revocation worked
>> perfectly.
>>
>> However, using private keys to prove that you are (probably) dealing
>> with the same entity as yesterday seems like a useful thing to do.
>
> I agree with that fully.
>
>> And still needs revocation.
>
> Does it?
>
> I will point out that many security systems, like Kerberos, DNSSEC and
> SSH, appear to get along with no conventional notion of revocation at
> all---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
