On Wed, Jan 16, 2013 at 9:21 PM, <[email protected]> wrote: > > > To clarify: I think everyone and everything should be identified by > > their public key,... > > Would re-analyzing all this in a key-centric model rather than > a name-centric model offer any insight? (key-centric meaning > that the key is the identity and "Dan" is an attribute of that > key; name-centric meaning that Dan is the identity and the key > is an attribute of that name) I tend to look at it from data-centric point of view since the data is all that matters:
* Data at rest * Data in transit * Data on display Note: data at rest can occur at both server (online) and device (offline). Both a passwords and a document count as data. Bad bad-guys want the password; and good bad-guys want the document. Bad bad-guys will try to compromise different, more valuable accounts; good bad-guys will want to analyze the document for ads and services. It makes sense (to me) since the data is all that matters. Criminal Organizations and Industry (is there a difference in the big picture?) validates the presumption since they try so hard to get at it. Your use cases drop out of the pre-exisiting relationships (or lack thereof) and data states, and drives Local Passwords vs SRP vs Public Key Identity based systems. Jeff _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
