On Wed, 28 Jul 2010 09:30:22 -0500 Nicolas Williams <nicolas.willi...@oracle.com> wrote: > On Wed, Jul 28, 2010 at 10:05:22AM -0400, Perry E. Metzger wrote: > > PKI was invented by Loren Kohnfelder for his bachelor's degree > > thesis at MIT. It was certainly a fine undergraduate paper, but I > > think we should forget about it, the way we forget about most > > undergraduate papers. > > PKI alone is certainly not the answer to all our problems. > > Infrastructure
Let me interrupt here and say that when I refer to PKI, I mean the Kohnfelder model which we have been following, which is the model of very long lived "phone books" of hierarchically issued certificates along with very long lived lists of revoked certificates, all designed with an offline world in mind. I have no objections to "infrastructure" -- bridges, the Internet, and electrical transmission lines all seem like good ideas. However, lets avoid using the term "Public Key Infrastructure" for things that depart radically from the Kohnfelder and subsequent X.509 models. > Infrastructure (whether of a pk variety or otherwise) and transitive > trust probably have to be part of the answer for scalability > reasons, even if transitive trust is a distasteful concept. Well, it depends a lot on what kind of trust. Let me remind everyone of one of my long-standing arguments. Say that Goldman Sachs wants to send Morgan Stanley an order for a billion dollars worth of bonds. Morgan Stanley wants to know that Goldman sent the order, because the consequences of a mistake on a transaction this large would be disastrous. Should they trust Verisign's ExtraSuperHighValue certificate presented by Goldman? No. Why? Because Verisign disclaims all effective liability for the use of its certs. It is not a party to the transaction being conducted. If it was actually insuring all transactions conducted with the certificate, then Morgan could trust them, because the counterparty who's credit would be at issue would no longer be Goldman but Verisign. However, Verisign won't even pay out if it turned out that they gave signed a Goldman cert and it was in fact held by a scammer. The problem with Certification Authorities is they certify NOTHING. There can be no reliance on them, because they have no liability of any sort in any transaction. So, in the real world, Goldman and Morgan come up with ways of making sure they trust each other's communications and credit lines. Even when we're dealing with small transactions, like buying a book at a book store with a credit card, if you trace it out, we're dealing with nothing but a web of bilateral commercial relationships. So, I have no trouble with various kinds of trust. What I have trouble with is the sort of false trust that a CA implies. CAs certify nothing in a real world business sense -- they are just toll collectors. > However, we need to be able to build direct trust relationships, > otherwise we'll just have a house of transitive trust cards. > Again, think of the the SSH leap-of- faith and "SSL pinning" > concepts, but don't constrain yourselves purely to pk technology. I believe we may, in fact, be in violent agreement here. Perry -- Perry E. Metzger pe...@piermont.com --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com