On Tue, Mar 5, 2013 at 9:18 AM, Martin Paljak <[email protected]> wrote:
> On Tue, Mar 5, 2013 at 2:08 PM, ianG <[email protected]> wrote:
>> This whole argument that certs aren't portable across devices is something
>> of a strawman. Companies deploy SSL certs across accelerators all the time,
>> so why not client certs? The reason is the assumptions that are designed to
>> stop you doing that. Get rid of those assumptions, and client certs work.
>
> Because:
> - Distributing (encryption) keys securely is not that easy to
> accomplish
That's Patient 0. Its the key distribution problem. Its the cause of
all the troubles.
Web of Trust, Hierarchy of Trust, DNSSEC/DANE, Sovereign Keys,
Convergence, {Certificate|Public Key} Pinning, Key Continuity, etc are
all band-aides for the first patient.
Jeff
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
