On 01/19/2012 06:51 PM, Phillip Hallam-Baker wrote:
> The threat we should be interested in at this point is the following:
> 
> * Bad thing happens to user of the Internet.

If Paul's threat lineup was too specific, Phillip's description here
strikes me as a tad overbroad.

Given the name of the list and the context in which it was formed, it
seems that the concern is about identity management, particularly with
public key infrastructure in mind:

 * an attacker can convince a victim on the network that the attacker is
someone else.

 * the victim is likely to do or communicate things with that attacker
given their mistaken belief about the identity of the attacker.

Public key infrastructure (in the general sense, not limited to PKIX and
X.509) has a goal of making sure that each party to a transaction can be
sure that the key of each other party belongs to the entity they think
it does.

We're looking at various ways that this binding (knowing "the right key"
for each peer you communicate with) can fail, and what can be done to
avoid those failures.

Hopefully, participants in this list will also be willing to examine the
social structures and incentives created by the various technical
proposals under discussion, since they're relevant to the resistance of
the scheme against various methods of impersonation.

        --dkg

_______________________________________________
therightkey mailing list
https://www.ietf.org/mailman/listinfo/therightkey