Re: Certificates turn 30, X.509 turns 20, no-one notices
On 11/27/08 05:13, Nicholas Bohm wrote: I've never been quite sure whether "Public" qualifies "Key" or "Infrastructure" - this may make a difference to what you count as a PKI. SWIFT (interbank messaging), BOLERO (bills of lading) and CREST (dealing in dematerialised stocks and shares) all use public key cryptography, I believe, and have all been reasonably successful; but they are all closed systems where each of the participants believes that it and the others can stand the risk of contractually-imposed non-repudiation rules (or they used to believe it, anyway). But what these examples illustrate, by the lack of "open" comparables, is the very limited utility of the technology. in the past capitalization referred to CAs making the rounds of wallstreet with $20B/annum business case (i.e. approx. $100/annum per adult in the US). The lower case "public key" met that an entity could make their public key available ... as countermeasure to the shortcomings of shared-secret (password/PIN) paradigm ... where a unique shared-secret was required for every unique security domain (the current scenario where scores or hundreds of unique shared-secrets have to be managed). going from lower-case ... where an entity could share the same public key with large number of different entities, to upper-case, was the scenario justifying the $20B/annum business case. sometimes the issue isn't whether the public key is open/closed ... the issue is whether the business liability is between the parties involved ... or should random, unrelated participants also get involved in the business processes. there have been some attempts at obfuscation ... attempting to confuse the boundaries between the authentication technology and the parties involved in business processes liability i was at annual acm sigmod (aka database) conference in 91 (92?) and during one of the sessions, somebody asked a question regarding what was all this X.5xx stuff going on ... and the reply was that a bunch of networking engineers were trying to re-invent 1960s database technology. -- 40+yrs virtualization experience (since Jan68), online at home since Mar70 - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Certificates turn 30, X.509 turns 20, no-one notices
Peter Gutmann wrote: > This doesn't seem to have garnered much attention, but this year marks two > milestones in PKI: Loren Kohnfelder's thesis was published 30 years ago, and > X.509v1 was published 20 years ago. > > As a sign of PKI's successful penetration of the marketplace, the premier get- > together for PKI folks, the IDtrust Symposium (formerly the PKI Workshop and > now in its eighth year) authenticates participants with... username and > password, for lack of a working PKI. > > (OK, it's a bit of a cheap shot and it's been done before, but I thought it > was especially significant this year :-). I've never been quite sure whether "Public" qualifies "Key" or "Infrastructure" - this may make a difference to what you count as a PKI. SWIFT (interbank messaging), BOLERO (bills of lading) and CREST (dealing in dematerialised stocks and shares) all use public key cryptography, I believe, and have all been reasonably successful; but they are all closed systems where each of the participants believes that it and the others can stand the risk of contractually-imposed non-repudiation rules (or they used to believe it, anyway). But what these examples illustrate, by the lack of "open" comparables, is the very limited utility of the technology. Nicholas Bohm -- Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 870285(+44 1279 870285) Mobile 07715 419728(+44 7715 419728) PGP public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]