On Fri, 30 Jul 2010 19:40:49 -0700 Ray Dillinger <b...@sonic.net> wrote:
> Assume, contra facto, that in some future iteration of PKI, it
> works, and works very well.
>
> What the heck does it look like?
>
> At a guess.... Anybody can create a key (or key pair). They
> get one clearly marked "private", which they're supposed to keep,
> and one clearly marked "public", which they can give out to anybody
> they want to correspond with.
>
> Guarantors and certifying authorities can "endorse" the public key
> for specific purposes relating to their particular application.
> Your landlord can "endorse" your keycard to allow you to get into
> the apartment you rent, the state government can "endorse" your
> key when you get a contractor's license or private investigator's
> license or register a business to sell to consumers and pay taxes,
> etc.

You are still following the same model that has failed over and over
and over again. "Endorsing" keys is the same "we have no internet, so
we rely on having big books to tell us whether a person's credit card
was stolen" model.

There is no rational reason at all that someone should "endorse" a key
when it is possible to simply do a real time check for authorization.
There is no reason to sign a key when you can just check if the key is
in a database.

> And you can revoke your endorsement of any particular key, at any
> time, for any reason.

How? If you have to do a real time check for every use anyway, the
signature on the key is unnecessary as you can just ask "is this user
authorized". If you can't do a real time check, then the system fails
anyway. Either way, there is no logical or architectural reason for
signatures on keys.

> I think this model is simple enough to be understood by ordinary
> people.

I challenge you to explain any such model to my mother successfully.

Indeed, I think any model that needs to be explained to anyone has
already failed. A good model is one in which if you screw up, nothing
bad can happen. For example, if you go to the phisherman's web site
instead of your bank's, nothing you can possibly do will endanger your
security. The worst that can happen is you end up frustrated and
puzzled, but you never can leak information to the phisherman.

It may be impossible to achieve this with complete perfection, but if,
for example, it would be necessary for someone trying to steal your
credentials to social engineer you into get actual physical access to
a smart token or some such for a while to get at your bank account,
things are now "good enough" for most purposes.

Perry
-- 
Perry E. Metzger		pe...@piermont.com
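
The revocation argument in the message above, as an added example that is not part of the original thread. It compares an endorsement-only check, an endorsement plus a real-time check, and a bare database lookup, before and after the endorser revokes a key. Assumptions: all names (Endorser, check_offline, check_endorsed_and_live, demo) are hypothetical, the data is constructed, and HMAC stands in for a public-key signature so that only the standard library is needed.

```python
import hashlib
import hmac

# Constructed demo secret. HMAC stands in for a public-key signature so the
# example needs only the standard library (assumption, see lead-in).
ENDORSER_SECRET = b"constructed-demo-secret"


def endorse(pubkey: bytes, purpose: str) -> bytes:
    """The 'signature on the key': binds a key to one purpose."""
    msg = pubkey + b"|" + purpose.encode()
    return hmac.new(ENDORSER_SECRET, msg, hashlib.sha256).digest()


class Endorser:
    """The endorser's live database of what is authorized right now."""

    def __init__(self):
        self.authorized = set()

    def grant(self, pubkey, purpose):
        self.authorized.add((pubkey, purpose))
        return endorse(pubkey, purpose)

    def revoke(self, pubkey, purpose):
        self.authorized.discard((pubkey, purpose))

    def is_authorized(self, pubkey, purpose):
        return (pubkey, purpose) in self.authorized


def check_offline(pubkey, purpose, endorsement):
    """Endorsement only: the verifier never contacts the endorser."""
    return hmac.compare_digest(endorsement, endorse(pubkey, purpose))


def check_endorsed_and_live(db, pubkey, purpose, endorsement):
    """Endorsement plus a real-time revocation check."""
    return check_offline(pubkey, purpose, endorsement) and db.is_authorized(pubkey, purpose)


def demo():
    db, key, door = Endorser(), b"tenant-public-key", "apartment-door"
    sig = db.grant(key, door)
    results = []
    for _ in ("before revocation", "after revocation"):
        results.append((check_offline(key, door, sig),
                        check_endorsed_and_live(db, key, door, sig),
                        db.is_authorized(key, door)))
        db.revoke(key, door)
    return results
```

Each tuple from demo() is (endorsement only, endorsement plus live check, database lookup only). After revocation the endorsement-only check still accepts the key, while the other two agree with each other in both rounds.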