On Tue, Oct 22, 2013 at 5:24 PM, Stephen Kent <[email protected]> wrote: > DataPacRat, > > > ... > > > > The key item I am gathering from your response is 'trust is not > > transitive'. If that's the case, then wouldn't that also apply to > > chains of 'official' CAs, as well? If all that is so, then is it > > possible that ad-hoc / mesh-network / web-of-trust / > > (insert-buzzword-here) CAs would fare no worse by that metric than the > > current hierarchical CA system? > > That is a fair comment for some PKIs, but not all. > > If a PKI represents an authoritative set of CAs, vs. a "trusted" > set of CAs, then this issue does not arise. So for example in the > DANE context or the RPKI context, we're not dealing with transitive trust.
I'm not familiar with many of the details of DANE and RPKI. Do either of them provide any protection against a subpoena attack? Thank you for your time, -- DataPacRat "Then again, I could be wrong." _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
