> Drill Grandma on one thing:
> 
>     FORGET THE TELEPHONE NUMBER.  REMEMBER THE KEY ID.
> 
> If she's smart enough to know to write down or remember the telephone
> number, she's smart enough to re-channel that to the Key ID.
> 
> Merchants and banks proudly and prominently display their Key IDs on
> their front pages and with all ads likely to catch Grandma's eye.
> 
> The rest is done by a local or on-line cryptographically-secure
> directory indexed by Key ID.
> 
> Now retire the CAs and forget about them.

That's a big if. It's an if that's so big that it's guaranteed to be false. 
Human beings don't do very well remembering such things. It's worse if you want 
to roll them over periodically.

Now what you're suggesting could work if you did something like made some 
directories that stored the key IDs and web sites they belonged to. This could 
be something that could easily be stored in Google, Yahoo!, or Bing, for 
example. This has a downside of a privacy leak every time someone wants to look 
one up.

If that privacy leak bothers you, or you want to offload the lookup requests 
from the search engine infrastructure, we could always store it on the web 
server itself. A digital signature would provide the proper integrity check.

And yes, with that system, we could retire the CAs.

        Jon

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
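
The Key-ID-indexed directory and the rollover objection discussed in this thread, as an added example that is not part of either poster's message. It assumes a Key ID is a truncated SHA-256 of the public key (the thread does not define one); `key_id`, `publish`, `lookup`, the site name and the key bytes are constructed for illustration.

```python
import hashlib

KEY_ID_BYTES = 8  # assumption: a 64-bit Key ID; the thread does not fix a length

def key_id(public_key: bytes) -> str:
    """Key ID = truncated SHA-256 of the public key, as grouped hex."""
    h = hashlib.sha256(public_key).digest()[:KEY_ID_BYTES].hex().upper()
    return " ".join(h[i:i + 4] for i in range(0, len(h), 4))

def normalize(kid: str) -> str:
    """Ignore spacing and case in what the user typed or remembered."""
    return "".join(kid.split()).upper()

def publish(directory: dict, site: str, public_key: bytes) -> str:
    """Add a record indexed by Key ID and return the ID to advertise."""
    kid = key_id(public_key)
    directory[normalize(kid)] = {"site": site, "key": public_key}
    return kid

def lookup(directory: dict, remembered_id: str):
    """Return (record, status); the directory itself is not trusted."""
    want = normalize(remembered_id)
    record = directory.get(want)
    if record is None:
        return None, "unknown Key ID"
    # Recompute the ID from the returned key instead of trusting the index.
    if normalize(key_id(record["key"])) != want:
        return None, "key does not match Key ID"
    return record, "ok"

def demo():
    directory = {}
    # Constructed placeholder bytes standing in for real public keys.
    old_id = publish(directory, "bank.example", b"constructed-bank-key-2011")
    results = {"honest": lookup(directory, old_id.lower())[1]}
    # A tampering directory swaps the key stored under the remembered ID.
    directory[normalize(old_id)]["key"] = b"constructed-attacker-key"
    results["tampered"] = lookup(directory, old_id)[1]
    # Rollover: the bank retires the old key and publishes a new one.
    del directory[normalize(old_id)]
    new_id = publish(directory, "bank.example", b"constructed-bank-key-2012")
    results["after_rollover"] = lookup(directory, old_id)[1]
    results["new_id_differs"] = new_id != old_id
    return results

if __name__ == "__main__":
    print(demo())
```

The tampered lookup fails without any trusted third party, while the rollover case shows the remembered Key ID no longer resolving once the key changes.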
