On 11/24/2014 3:20 PM, Derek Martin wrote:
It is a practical impossibility for you (or your organization) to
actually truly authenticate each and every entity with whom you do
business on the Internet.  The problem is compounded by the needs of

I don't agree with the base assertion. I don't believe that it is an impossibility, practical or otherwise. Means to do it exist. Kerberos does it on a small scale. Make something like Kerberos realms integral to web browsers. Make doing business with Amazon a matter of creating a principal for Amazon in your browser profile. There you have it: verifiable, mutual authentication across the entire Internet.

No, that's not intended to be the solution. It's me noodling about one way to go about it. Yes, I'm aware that this does not solve the initial trust problem. Like I wrote above, I don't believe it is impossible to solve, only that nobody has put the effort into solving it (or if they have then their work has largely been ignored).

It wouldn't require a flag day. It's something that browser makers could implement and deploy in parallel with the existing X.509 PKI currently in use. X.509 could then be deprecated once the new system achieves a critical mass.

--
Rich P.
_______________________________________________
Discuss mailing list
[email protected]
http://lists.blu.org/mailman/listinfo/discuss

Reply via email to