Duane wrote:

There are a million other discrepancies in the PKI industry, 10 myths of PKI is a good place to start...


Anyone who travels down the path of really
doing the research into the PKI structure
ends up losing a lot of respect for the
security industry, and security principles
in general.  A good analogy is perhaps
Bismarck's on the law:  the PKI structure is
like sausages, you really don't want to see
how it was made.

Having said that, I'm not sure which document
you meant about "10 myths of PKI" but here is
a link to a sort of evolving list of criticisms I
keep:

http://iang.org/ssl/pki_considered_harmful.html

iang

PS: Unlike some documents that you will see posted
(including by myself), I try and keep that one
scholarly and reputable by including full academic
references.  If you are looking at something that
is purporting to address a security issue, one
way to see if it is a robust well thought out
proposal is to look at how many like and preceding
documents it refers to.  No documents signals
that the author has not thought it out, or at least
not tied it in to other people's work, so it is quite
probably a waste of time to read it.

--
News and views on what matters in finance+crypto:
       http://financialcryptography.com/
