On Sat, 7 Sep 2013 17:46:39 -0400 Derrell Piper <d...@electric-loft.org> wrote:
> On Sep 6, 2013, at 11:51 PM, Marcus D. Leech <mle...@ripnet.com> > wrote: > > > The other thing that I find to be a "dirty little secret" in PK > > systems is revocation. OCSP makes things, in some ways, "better" > > than CRLs, but I still find them to be a kind of "swept under the > > rug" problem when people are waxing enthusiastic about PK systems. > > Well, there are other saddles, as it were. SPKI/SDSI both offer a > path forward without needing a trusted CA... I think that in general one doesn't need CAs much. I will point out, again, a message I sent to the list recently in which I propose that simple demonstration of long term use and association may be sufficient for ordinary purposes: http://www.metzdowd.com/pipermail/cryptography/2013-August/016870.html _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography