From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <8ad941aca9fdad3ba916503276aa99b8@vitanuova.com> From: C H Forsyth To: 9fans@cse.psu.edu Subject: Re: [9fans] pop3 before smtp In-Reply-To: <20030711144643.GA26212@wilbur.25thandClement.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="upas-afeguxxbwxcdfbrmryuekayxod" Date: Sun, 13 Jul 2003 00:58:11 +0100 Topicbox-Message-UUID: f6734cc0-eacb-11e9-9e20-41e7f4b1d025 This is a multi-part message in MIME format. --upas-afeguxxbwxcdfbrmryuekayxod Content-Disposition: inline Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit what makes you think that PKI is necessarily or even essentially hierarchical? are you sure that was that the aim of some (or all) of the inventors? --upas-afeguxxbwxcdfbrmryuekayxod Content-Type: message/rfc822 Content-Disposition: inline Return-Path: <9fans-admin@cse.psu.edu> Received: from punt-3.mail.demon.net by mailstore for forsyth@vitanuova.com id 19azJo-4-7Og-DZ; Fri, 11 Jul 2003 14:56:16 -0000 Received: from psuvax1.cse.psu.edu ([130.203.4.6]) by punt-3.mail.demon.net id aa0421715; 11 Jul 2003 14:47 GMT Received: by mail.cse.psu.edu (CSE Mail Server, from userid 60001) id E859E19CDF; Fri, 11 Jul 2003 10:47:16 -0400 (EDT) Received: from psuvax1.cse.psu.edu (psuvax1.cse.psu.edu [130.203.16.6]) by mail.cse.psu.edu (CSE Mail Server) with ESMTP id 4054019CDE; Fri, 11 Jul 2003 10:47:11 -0400 (EDT) X-Original-To: 9fans@cse.psu.edu Delivered-To: 9fans@cse.psu.edu Received: by mail.cse.psu.edu (CSE Mail Server, from userid 60001) id E0C1119CDD; Fri, 11 Jul 2003 10:46:46 -0400 (EDT) Received: from wilbur.25thandClement.com (wilbur.25thandclement.com [64.62.167.198]) by mail.cse.psu.edu (CSE Mail Server) with ESMTP id E4EC919CD9 for <9fans@cse.psu.edu>; Fri, 11 Jul 2003 10:46:45 -0400 (EDT) Received: from wilbur.25thandClement.com (william@localhost [IPv6:::1]) by wilbur.25thandClement.com (8.12.9/8.12.9) with ESMTP id h6BEkhj8012628 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <9fans@cse.psu.edu>; Fri, 11 Jul 2003 07:46:44 -0700 (PDT) Received: (from william@localhost) by wilbur.25thandClement.com (8.12.9/8.12.9/Submit) id h6BEkhrI007634 for 9fans@cse.psu.edu; Fri, 11 Jul 2003 07:46:43 -0700 (PDT) From: William Ahern To: 9fans@cse.psu.edu Subject: Re: [9fans] pop3 before smtp Message-ID: <20030711144643.GA26212@wilbur.25thandClement.com> References: <20030710212155.6079.qmail@g.bio.cse.psu.edu> <200307102150.h6ALol704789@augusta.math.psu.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200307102150.h6ALol704789@augusta.math.psu.edu> User-Agent: Mutt/1.5.4i Sender: 9fans-admin@cse.psu.edu Errors-To: 9fans-admin@cse.psu.edu X-BeenThere: 9fans@cse.psu.edu X-Mailman-Version: 2.0.11 Precedence: bulk Reply-To: 9fans@cse.psu.edu List-Id: Fans of the OS Plan 9 from Bell Labs <9fans.cse.psu.edu> List-Archive: Date: Fri, 11 Jul 2003 07:46:43 -0700 X-Spam-Status: No, hits=-5.0 required=5.0 tests=EMAIL_ATTRIBUTION,IN_REP_TO,QUOTED_EMAIL_TEXT,REFERENCES, REPLY_WITH_QUOTES,USER_AGENT_MUTT version=2.55 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp) On Thu, Jul 10, 2003 at 05:50:47PM -0400, Dan Cross wrote: > > | What is needed is a distributed PKI. > > > > But why? It seems easy enough to use use private keys, and a nice > > protocol like SRP. > > Well, the typical reason given is that you end up with this n^2 key > distribution problem. PKI (in theory, at least) solves that via > signature chains. Shared secret key systems like Kerberos have > attempted to solve this with authentication hierarchies, but while > e.g. Kerberos has proliferated, the hierarchial authentication > component hasn't. > > I don't understand this talk of `distributed PKI' though; isn't the > whole idea of a PKI that it's distributed to begin with? Supposedly we > have that; it's just never really worked all that well. Because for many things, especially when you get into generic web services, you don't need a hierarchy of _trusted_ certificate chains that you can trace. All you really care is that the same client who visited you yesterday is the same one doing a follow-up today. Or maybe that you were redirected to service XYZ, and you need a high degree (not absolute) of probability that the service XYZ you are talking to is the one you were meant to be redirected to. Not to mention its pretty much requisite to build any significantly sized trust metric system. If I'm in a corporation, then a hierarchical system is normative. But in the rest of the world, why do I care if some capriciously chosen entity vouches for the _name_ (not identity) of some web site? - Bill --upas-afeguxxbwxcdfbrmryuekayxod--