On 19/09/11 3:50 AM, Arshad Noor wrote:
On 09/17/2011 10:37 PM, Marsh Ray wrote:

It really is the fact that there are hundreds of links in the chain and
that the failure of any single weak link results in the failure of the
system as a whole.

I'm afraid we will remain in disagreement on this. I do not view the
failure of a single CA as a failure of PKI, no more than I see the
crash of a single airplane as an indictment of air-travel.


His point is that the failure of a single CA is the failure of the entire browsing PKI. Not PKI in concept, but all secure browsing, being one of the PKIs.

One single CA failure means the faiure of the system.  That's the point.

Are there weaknesses in PKI? Undoubtedly! But, there are failures
in every ecosystem. The intelligent response to "certificate
manufacturing and distribution" weaknesses is to improve the quality
of the ecosystem - not throw the baby out with the bath-water.


Right -- how to fix the race to the bottom?



iang
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography

Reply via email to