Re: End of the line for Ireland's dotcom star

2003-09-25 Thread R. A. Hettinga
At 5:48 PM -0700 9/24/03, someone wrote: 

The mystification of identity is a hallmark of any hierarchical
society. 

Is this quote original with you? I like it enough that I want to
keep it around. I see you and others used similar variations before
in c'punks postings. 

Yes. It's mine. The whole thing is original as of this afternoon, in
fact. Though the first part is probably 5 years old or so. Besides,
we've all been grabbing the same elephant, and repeating our stories
about it for so long, it all sounds familiar at this point. 


I came up with the mystification of identity bit while talking to
Carl Ellison and Perry Metzger in the lobby of a Usenix(?) conference
in Boston's theater district in 1997 (or '98) that Dan Geer got me to
do a luncheon speech for. (My theme was DES is DED, if I remember
correctly, thanks to Mssrs. Gilmore and Kocher, which should date it
rather closely.) 

So, out in the hotel lobby, I'd talked about obeying all the laws and
still doing what we wanted because the law, and the rest of society,
was a lagging indicator anyway, and if we invented something useful
and effective it would have to make accommodations for progress. Carl
said something about how with the advent of decent projectile
weaponry, a peasant could kill a knight, confess in church, and kill
another knight the next week, divine rights of the aristocracy or
no. I thought about magicians needing true names to have power over
something, and popped off with mystification of identity, which got
grins all around.

The hallmark of a hierarchical society bit I just though of today
because I've been plinking) at this book on bearer financial
cryptography and underwriting (kind of, don't hold your breath) I
want to do, and my hierarchy/geodesic riff is pretty much the central
thesis. Book entries are hierarchical, bearer certificates are
geodesic, we've created a geodesic network, and our hierarchical
organizational/social/political structures are (d)evolving into
geodesic ones along with it. Or at least that's my story, and I'm
sticking to it. :-).

The actual Moore's Law creates a geodesic network bit, of course,
comes from Peter Huber, though I'm not sure whether he thought it up
or someone else did. 

*That* kind of stuff I've been saying on cypherpunks just about since
I got there in 1994. That and bearer transactions, of course, though
apparently, Nick Szabo says someplace I osmotically appropriated it
from him, which I can't argue with, since I was on the same lists he
was on at the time, and, of course, most of what I know about this
stuff is just other people's stuff bolted together with the
occasional bon mot like the above. On the net, like any other serious
collegial setting, it's hard to know where your stuff starts and
others end. Nobody knows you're a dog, whatever.

Or, like the Robert Woodruff quote Ben Laurie's .sig says: There is
no limit to what a man can do or how far he can go if he doesn't mind
who gets the credit.

Which, in my case, goes both ways, I suppose.

A good artist borrows. A great artist steals, as Picasso liked to
say.

Invention is the mother of necessity?

Okay, I'll quit with the not-so-bon mots now. 

Besides, whaddya expect from public education and a state-school
philosophy major, wisdom, or something? 

:-)

Cheers,
RAH


-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: why are CAs charging so much for certs anyway? (Re: End of the line for Ireland's dotcom star)

2003-09-25 Thread Damian Gerow
On Wed, 24 Sep 2003 15:33:56 -0700, thus spake Adam Back
[EMAIL PROTECTED]:
: You'd have thought there would be plenty of scope for certs to be sold
: for a couple of $ / year.  Eg. by one of the registrars bundling a
: cert with your domain registration.  I mean if someone can provide DNS
: service for $10 or less / year (and lower for some tlds) which
: requires servers to answer queries etc., surely they can send a you a
: few more bits (all they have to do is make sure they send the cert to
: the person who they register the domain for).

Perceived worth.  CD's are cheaper to manufacture than cassette tapes,
but you'll pay more, because 'the audio quality is better'.  Welcome to
Capitalism.

: From what I heard Mark Shuttleworth (of Thawte) got his cert in the
: browser DBs for free just for the asking by being in the right place
: at the right time.  So once you have that charging  $100 for a few
: seconds of CPU time to sign a cert is a license to print money.
: 
: With all the .com crashes you'd think the price of a root cert ought
: to be pretty low by now.

Adding on to the lists below...

There's a fair bit more work than just randomly signing a certificate. 
At the very least, the issuing CA has to (/should) verify that the
contact requesting the certificate is a valid contact for the hostname
being requested, and that the domain is even /allowed/ to have
certificates (I'm thinking cryptography export laws, but I may be
wrong).

That being said, http://www.openca.org/ gives them away for free. 
They're currently pushing to have their root certificate included within
Mozilla; I'm not sure if it will ever happen within IE (but they provide
it for the end user to download).

I have heard good things about their service, and I personally use them
to generate my certificates (the price is right).  Dunno about the
supposed security of their signed certificates vs. those signed by
Verisign/Geotrust/FreeSSL/whomever.


pgp0.pgp
Description: PGP signature


Re: why are CAs charging so much for certs anyway? (Re: End of the line for Ireland's dotcom star)

2003-09-25 Thread Dave Howe
Joel Sing wrote:
 Hi Adam,
 I believe they have, at least to a large degree. InstantSSL
 (www.instantssl.com) sell 128-bit certificates for $49USD/annum.
 Certainly far cheaper than the VeriSign or Thawte equivalent. This is
 their 'base' level service which comes with a $50USD warranty, email
 based support and a 30 day refund/reissue policy. One of our clients
 uses one of their certificates and we haven't had an issue with it.
What is their browser coverage like?

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: why are CAs charging so much for certs anyway? (Re: End of the line for Ireland's dotcom star)

2003-09-25 Thread Peter Gutmann
Ed Gerck [EMAIL PROTECTED] writes:

PRICING STRATEGY: CAs should keep their prices high and find ways to add
price to current products (eg, offering insurance, different certificate
classes, benefits for CRL access, etc.) -- because the potentially difficult
mid-term future of such business impose the need for a large ROI in a short
time. This is probably not a long-term business activity.

Actually there's a second aspect to this as well: Verisign's managed PKI
services.  The idea here is that since PKI (specifically, the X.509 PKI model)
is too hard for any normal person or organisation to handle, you charge people
an enormous amount of money to run their PKI for them.  You end up talking to
a Verisign cloud that acts as an authorisation oracle (Is this thing OK? -
Yep, go ahead), although exactly why you need a PKI for this rather than
(say) a basic challenge-response protocol to query the cloud is unclear (maybe
it's a fashion thing, or an in-joke that no-one's let me in on).  As a
moneymaking racket, it's second only to the make the browser warning dialogs
go away one: First you create an unworkable PKI design (although Verisign
didn't do that, they're just taking advantage of it), then you charge people
buckets of money to run it for them (and in terms of money-earners, it leaves
the $495 server certs in the dust - it's sort of like a PKI-DNS service,
except that you pay 5-6 figure sums for your name/key registration).

Peter.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: End of the line for Ireland's dotcom star

2003-09-24 Thread Anton Stiglic

 Why is it that none of those 100-odd companies with keys in the browsers
 are doing anything with them?  Verisign has such a central role in
 the infrastructure, but any one of those other companies could compete.
 Why isn't anyone undercutting Verisign's prices?  Look what happened with
 Thawte when it adopted this strategy: Mark Shuttleworth got to visit Mir!

And Thawte got bought by Verisign, so no more competition...
Interestingly, last time I checked, it was cheaper to buy from Thawte than 
it was from Verisign directly.

--Anton

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: End of the line for Ireland's dotcom star

2003-09-24 Thread R. A. Hettinga
At 1:15 PM -0400 9/24/03, Anton Stiglic wrote:
Interestingly, last time I checked, it was cheaper to buy from Thawte than 
it was from Verisign directly.

Oh. That's easy.

The certificate doesn't say Verisign on it.

The mystification of identity is a hallmark of any hierarchical society.

Cheers,
RAH

-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: End of the line for Ireland's dotcom star

2003-09-24 Thread Peter Gutmann
Anonymous via the Cypherpunks Tonga Remailer [EMAIL PROTECTED] writes:

Why is it that none of those 100-odd companies with keys in the browsers are
doing anything with them?  Verisign has such a central role in the
infrastructure, but any one of those other companies could compete. Why isn't
anyone undercutting Verisign's prices?  Look what happened with Thawte when it
adopted this strategy: Mark Shuttleworth got to visit Mir! Maybe that was a
one shot deal, but clearly these keys are not being utilized up to their
economic potential.

Is there some behind the scenes coercion?  Contractual limitations? Will
Microsoft pull the keys if someone tries to compete with Verisign? What's the
deal?

No-one ever got fired for buying Verisign.  Unfortunately in order to
understand that buying your certs from anything but the cheapest CA present is
a waste of money, you need a certain amount of understanding of how PKI (or at
least certificate manufacturing, as currently practiced) works.  Verisign have
invested an enormous amount of time and money into communicating the message
that it ain't secure if it doesn't say Verisign, and that's been very
effective.  I have, very occasionally, run into people who've told me how they
managed to locate a CA that sold them their certs for $29.95/year instead of
$495/year, but this is very much the exception to the rule.

Peter.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: why are CAs charging so much for certs anyway? (Re: End of the line for Ireland's dotcom star)

2003-09-24 Thread Ian Grigg
Adam Back wrote:

 You'd have thought there would be plenty of scope for certs to be sold
 for a couple of $ / year.

Excuse me?  Why are they being sold per year in the
first place?

It's not as if there are any root servers to run!

Outrageous!

:-)

iang

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: why are CAs charging so much for certs anyway? (Re: End of the line for Ireland's dotcom star)

2003-09-24 Thread Ed Gerck
Yes, there is a good reason for CAs to charge so much for certs.
I hope this posting is able to set this clear once and for all.

  FOREWORD: It's often said that a good lawyer should be able to argue
  both sides of an issue... Though I am not a lawyer, I believe it is
  instructive to see things from all perspectives. My answer may help see
  things from the CA side and IMO does not contain any exaggeration.

Of course, to properly answer the question I would need to write a
CA Business Plan, which should contemplate the various pros, cons,
pricing, and contingency plans. However, without daring to use much
time in such a dubious endeavor, let me just briefly discuss the CA
business model in order to better motivate the pricing strategy answer.

1. Product Liability to Clients: Zero.

 CAs provide certificates that have zero content, zero warranties,
 zero assurances and, hence, zero liability under any law system.
 This is a very good point for CAs, and it is difficult to imagine a
 legal business that could get to so close to this goal. Perhaps,
 chiromancy with consenting adults over a phone line could
 be similar, but with a lesser market.


2. Contract Liability to Users: Zero.

 Since the certificate's users (ie, historically known as the
 relying-parties) are not the ones that paid for the certificate to
 the CA (ie, the certificate was paid for by the subscriber), this
 means that the CA has no responsiblity or contractual obligation
 whatsoever to the certificate's users, hence zero liability.


3. After-Sales Support: Almost Zero.

 This is also a very good point. There is no maintenance, set-up,
 compatibility or other post-sales questions to worry about. The
 product also self-destructs so to say after a period of usually one
 year, so there is not even a marginal need to maintain compatible
 systems for diagnosis after one year. Regarding the eventual need to
 revoke a certificate, here we are forced to say that after-sales
 support is almost zero. However, that is not a serious issue
 because certificate revocation has also no warranties or assurances,
 hence this freely provided service has no liabilities or obligations
 to the CA, not even to be expedite.


4. Product Recall: Zero.

 The subscriber cannot send back an issued certificate and decide to
 cancel his order because the certificate does not work on the new
 Gizmo v4.0 or equivalent browser, or just because it does not like
 it any more. Once the product is sold, the revenues are liquid.


5. Technical Regulation: Almost Zero.

 Certificates are technically regulated by X.509 but X.509 is very
 tolerant on almost all issues except purely syntatic issues which
 are handled blindfolded by software. Further, CAs can issue their
 very own operating laws (CPS - Certificate Practice Statement)
 according to their needs and profit rules. They can define all their
 operating parameters.


6. Legal Regulation: Almost Zero.

 The CA's CPS must be accepted by the client and the CA can change it
 at will, at any moment. Legislation, such as Illinois', already
 consider such self-made laws as legally binding in lieu of any
 legislation's mandated procedures (see a typical CA CPS).


7. Legal Mandatory Use: Possible.

 This is a very positive point for CAs. Legal initiatives may make it
 mandatory to use CAs (eg, TTPs) in order to allow certificates to be
 deployed. So, CAs would have captive markets in this positive
 scenario and the client would not be able to decide not to use a CA.


8. Matched Sales: Strongly Enforced.

 A CA can reach profitable agreements with a wide array of partners,
 such as financial agents, software producers, content providers,
 etc., in order to render its certificates strongly matched to the
 partner's products or services. This is easily cryptographically
 guaranteed and sounds reasonable when explained to customers. For
 example, software producer ACME can easily decide that its product
 Gizmo will only accept plug-ins signed by a specific CA -- allowing
 several legal avenues for matched sales.


9. Product Price: At Will.

 There is no reference in price for an array of 2 Kbytes. It can
 range from $5.00 to $500.00 or beyond. Since the market also has to
 accept matched sales as a natural procedure in this case, it is not
 difficult to organize different product classes so that essentially
 the same array of 2 Kbytes can have very profitable margins for
 high-end (ie, expensive) applications.


10. Insurance: Paid By The Client.

 To cover for those few cases where the CA could still be liable (ie,
 gross negligence, employee collusion, fraud, etc.) to its clients,
 it is accepted to ask for the client to pay for insurance against
 the CA's acts. Since the users have no coverage (they are not part
 of the contract and they are not considered innocent bystanders as
 with car accidents), such insurance will need to cover only the
 client.


PRO SUMMARY: CAs make very good sense as businesses, shareholder's

Re: why are CAs charging so much for certs anyway? (Re: End of the line for Ireland's dotcom star)

2003-09-24 Thread Adam Back
On Wed, Sep 24, 2003 at 05:40:38PM -0700, Ed Gerck wrote:
 Yes, there is a good reason for CAs to charge so much for certs.
 I hope this posting is able to set this clear once and for all.

 [zero risk, zero cost, zero liability, zero regulatory burden]

 9. Product Price: At Will.
 
  There is no reference in price for an array of 2 Kbytes. It can
  range from $5.00 to $500.00 or beyond. 

Uh?  The why argument you give is basically price gouging?

That was my point and why I said I don't see any reason cert prices
with reasonable competition couldn't fall to a few dollars/year.
(Ian: recurring billing is because they expire).

Adam

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: why are CAs charging so much for certs anyway? (Re: End of the line for Ireland's dotcom star)

2003-09-24 Thread Joel Sing
Hi Adam,

That was my point and why I said I don't see any reason cert prices
with reasonable competition couldn't fall to a few dollars/year.
I believe they have, at least to a large degree. InstantSSL 
(www.instantssl.com) sell 128-bit certificates for $49USD/annum. Certainly 
far cheaper than the VeriSign or Thawte equivalent. This is their 'base' 
level service which comes with a $50USD warranty, email based support and a 
30 day refund/reissue policy. One of our clients uses one of their 
certificates and we haven't had an issue with it.

Cheers,

Joel


 = Joel Sing | [EMAIL PROTECTED] | 0419 577 603 =

 I'm not worried about Artificial Intelligence, when they invent
  Artificial Stupidiy, then I'll be scared. I'm sorry Dave, I don't feel
  like doing that. ~Unknown
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


End of the line for Ireland's dotcom star

2003-09-23 Thread R. A. Hettinga
http://www.guardian.co.uk/print/0,3858,4759214-103676,00.html

Guardian |

End of the line for Ireland's dotcom star

Software firm saw boom and bust; now the core business is sold

Geoff Gibbs
Tuesday September 23, 2003
The Guardian

Baltimore Technologies, the Irish software concern whose spectacular rise
and fall epitomised the boom and bust of the dotcom era, reduced itself to
little more than a cash shell yesterday by selling off the core business on
which its fortunes were founded.

The internet security company, which failed to find a buyer after putting
itself up for sale this year, said it was selling its loss-making public
key infrastructure, or PKI, operation to the American-controlled business
beTRUSTed for £5m.

PKI is used to make e-business secure and was the core technology behind
Baltimore's heady but brief elevation to the ranks of FTSE 100 corporations
before the dotcom bubble burst two years ago.

At the height of its fortunes the Dublin company was valued at more than
£5bn and employed about 1,500 people.

The PKI sell-off marks the completion of a controlled programme of asset
sales that has raised almost £21m over the past couple of months and will
leave Baltimore with only a handful of employees in its head office and
legacy technology support functions.

It is the end of the story of Baltimore as a software company. This is the
final paragraph of the final chapter, chief executive Bijan Khezri
acknowledged yesterday.

Mr Khezri, who left Baltimore in 2000 and returned the following year to
oversee its restructuring, said shareholders would have the opportunity to
vote on what course the company should take by the end of this year -
possibly at an extraordinary meeting to approve the PKI sale in November.

Options included returning cash to shareholders, allowing another business
to reverse into the company, or making an acquisition.

This transaction is our last significant asset disposal and will deliver
on our commitment to eradicate operational cash burn and maximise
shareholder value, he told shareholders.

Baltimore shares fell 4.5p to 36.5p on news of the sale - a far cry from
the £13.50 peak scaled in March 2000.

The PKI business - which includes hundreds of customers in the government,
telecommunications and financial markets - generated revenues of £19.3m in
the year to last December but ran up losses of £11.1m before interest and
tax.

Mr Khezri said the need for scale in the global infrastructure software
market made the PKI disposal an obvious move. The long term
competitiveness of the PKI business requires critical mass, and beTRUSTed
has emerged as an excellent partner to take our PKI technology and customer
base to its next level.

Up to 80 of the PKI's 180 employees are expected to transfer with the
business to its new owners. A few more will be retained by Baltimore but
the company warned that about 60 staff face redundancy.

The new owner, beTRUSTed, said more than three quarters of its clients had
made significant investments in Baltimore's PKI technology, which it had
implemented and operated for many years.

We believe beTRUSTed's ownership will provide the necessary stability and
support for existing and prospective clients to build and deploy critical
business applications that leverage Baltimore's technology, said the
company's chief executive, John Garvey.


-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: End of the line for Ireland's dotcom star

2003-09-23 Thread Anne Lynn Wheeler
At 01:06 PM 9/23/2003 -0400, R. A. Hettinga wrote:
http://www.guardian.co.uk/print/0,3858,4759214-103676,00.html
so ignore for the moment the little indiscretion
http://www.garlic.com/~lynn/2003l.html#44 Proposal for a new PKI model (At 
least I hope it's new)
http://www.garlic.com/~lynn/2003l.html#50 Proposal for a new PKI model (At 
least I hope it's new)

and the part of turning a simple authentication problem into a 
significantly harder and error prone (along with exploits and 
vulnerabilities ... not to say expensive) problem:
http://www.garlic.com/~lynn/aadsm15.htm#4 Is cryptography where security 
took the wrong branch?
http://www.garlic.com/~lynn/aadsm15.htm#7 Is cryptography where security 
took the wrong branch?
http://www.garlic.com/~lynn/aadsm15.htm#11 Resolving an identifier into a 
meaning

there has been the some past discussions of what happens to long term CA 
private key management over an extended period of time, possibly involving 
several corporate identities. Checking latest release browsers ... I find 
two CA certificates for GTE cybertrust ... one issued in 1996 and good for 
10 years and another issued in 1998 and good for 20 years.

so lets say as part of some audit ... is it still possible to show that 
there has been long term, continuous, non-stop, highest security custodial 
care of the GTE cybertrust CA private keys. If there hasn't ... would 
anybody even know? ... and is there any institutional memory as to who 
might be responsible for issuing a revokation for the keys? or responsible 
for notifying anybody that the certificates no longer need be included in 
future browsers?
--
Anne  Lynn Wheelerhttp://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm
 

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: End of the line for Ireland's dotcom star

2003-09-23 Thread John Saylor
hi

( 03.09.23 13:45 -0600 ) Anne  Lynn Wheeler:
 is it still possible to show that there has been long term,
 continuous, non-stop, highest security custodial care of the GTE
 cybertrust CA private keys. If there hasn't ... would anybody even
 know?

i worked at cybertrust/baltimore up until about 3 years ago [like rats
leaving a sinking ship ...].and, as you might imagine i have no idea
what's going on with those keys.

there was a big institutional fight over how much money to spend on
putting those keys in the browsers, now pretty much meaningless.  the
keys were always well watched, at least while i was there. i had to work
in that room a few times, and i was watched then too. the guy who ran
the facility [like a tight ship] left shortly after i did, so i have
even less faith in the integrity of those certs now than i would have
otherwise because his replacement probably couldn't even tell you what
TCP stands for.

but as you imply, all bets are off now.

-- 
\js

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: End of the line for Ireland's dotcom star

2003-09-23 Thread John Young
Lynn and John Saylior have raised an important point. 

Who at Baltimore, or was once there, is likely to be able to
account for the security of the certs for customers who
still rely upon them? Not somebody to spin a fairy tale, but to 
truthfully explain what Baltimore has done to avoid betraying
the trust of its customers, or handing that trust over to others
who may not have Baltimore's scruples or be bound by its
promises.

Not that Baltimore's investors would give a hoot, but
customers might want to know who to challenge about
their private, once secure, data.

This matter is important for it is a bellweather of what's
to come with failure of other trusted parties or who or
bought by less scrupulous if more financially endowed
than always absolutely trustworthy crypto corporations.

The recent stink about betrayal of customer data with 
JetBlue, Acxiom and eBay is timely.


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: End of the line for Ireland's dotcom star

2003-09-23 Thread Bill Frantz
At 12:45 PM -0700 9/23/03, Anne  Lynn Wheeler wrote:
At 01:06 PM 9/23/2003 -0400, R. A. Hettinga wrote:
http://www.guardian.co.uk/print/0,3858,4759214-103676,00.html

so ignore for the moment the little indiscretion
http://www.garlic.com/~lynn/2003l.html#44 Proposal for a new PKI model (At
least I hope it's new)
http://www.garlic.com/~lynn/2003l.html#50 Proposal for a new PKI model (At
least I hope it's new)

and the part of turning a simple authentication problem into a
significantly harder and error prone (along with exploits and
vulnerabilities ... not to say expensive) problem:
http://www.garlic.com/~lynn/aadsm15.htm#4 Is cryptography where security
took the wrong branch?
http://www.garlic.com/~lynn/aadsm15.htm#7 Is cryptography where security
took the wrong branch?
http://www.garlic.com/~lynn/aadsm15.htm#11 Resolving an identifier into a
meaning


there has been the some past discussions of what happens to long term CA
private key management over an extended period of time, possibly involving
several corporate identities. Checking latest release browsers ... I find
two CA certificates for GTE cybertrust ... one issued in 1996 and good for
10 years and another issued in 1998 and good for 20 years.

so lets say as part of some audit ... is it still possible to show that
there has been long term, continuous, non-stop, highest security custodial
care of the GTE cybertrust CA private keys. If there hasn't ... would
anybody even know? ... and is there any institutional memory as to who
might be responsible for issuing a revokation for the keys? or responsible
for notifying anybody that the certificates no longer need be included in
future browsers?
--
Anne  Lynn Wheelerhttp://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm

Note that proposals such as Tyler Close's YURL
http://www.waterken.com/dev/YURL/  avoid the issue of trust in the
TTP/CA.  As such, I find them attractive whenever they can be used.

Cheers - Bill


-
Bill Frantz| There's nothing so clear as   | Periwinkle
(408)356-8506  | vague idea you haven't written | 16345 Englewood Ave
www.pwpconsult.com | down yet. -- Dean Tribble | Los Gatos, CA 95032


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: End of the line for Ireland's dotcom star

2003-09-23 Thread Peter Gutmann
John Young [EMAIL PROTECTED] writes:

Who at Baltimore, or was once there, is likely to be able to account for the
security of the certs for customers who still rely upon them? Not somebody to
spin a fairy tale, but to truthfully explain what Baltimore has done to avoid
betraying the trust of its customers, or handing that trust over to others who
may not have Baltimore's scruples or be bound by its promises.

Is it really that big a deal though?  You're only ever as secure as the *least
secure* of the 100+ CAs automatically trusted by MSIE/CryptoAPI and Mozilla,
and I suspect that a number of those (ones with 512-bit keys or moribund web
sites indicating that the owner has disappeared) are much more of a risk than
the GTE/Baltimore/beTRUSTed/whoever-will-follow-them succession.

The real lesson of this, I think, is the observation that The company would
have done better to concentrate on making its core PKI technology easier to
deploy, which applies to most other PKI vendors and products as well.
Baltimore had the bizarre business strategy of using revenue from its PKI
products as a means of driving/funding work in its other product branches,
which is a bit like a drowning man going for a boat anchor as his most likely
flotation device.

Peter (curently flooded with Linux VPN mail, please be patient).

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]