From mboxrd@z Thu Jan  1 00:00:00 1970
Message-Id: <200307102150.h6ALol704789@augusta.math.psu.edu>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] pop3 before smtp
In-Reply-To: Your message of "Thu, 10 Jul 2003 17:21:54 EDT."
             <20030710212155.6079.qmail@g.bio.cse.psu.edu>
From: Dan Cross <cross@math.psu.edu>
Date: Thu, 10 Jul 2003 17:50:47 -0400
Topicbox-Message-UUID: f4583a0e-eacb-11e9-9e20-41e7f4b1d025

> | What is needed is a distributed PKI.
>
> But why?  It seems easy enough to use use private keys, and a nice
> protocol like SRP.

Well, the typical reason given is that you end up with this n^2 key
distribution problem.  PKI (in theory, at least) solves that via
signature chains.  Shared secret key systems like Kerberos have
attempted to solve this with authentication hierarchies, but while
e.g.  Kerberos has proliferated, the hierarchial authentication
component hasn't.

I don't understand this talk of `distributed PKI' though; isn't the
whole idea of a PKI that it's distributed to begin with?  Supposedly we
have that; it's just never really worked all that well.

It's a shame.  Public key cryptography involves some absolutely
beautiful mathematics.  Too bad people are disgusted with it due to the
poor implementations they most frequently encounter.

	- Dan C.