9fans - fans of the OS Plan 9 from Bell Labs
From: David Presotto <presotto@closedmind.org>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] pop3 before smtp
Date: Thu, 10 Jul 2003 20:02:58 -0400
Message-ID: <967768cb40aa71d536446da30109cc15@plan9.bell-labs.com>
In-Reply-To: <200307102150.h6ALol704789@augusta.math.psu.edu>

[-- Attachment #1: Type: text/plain, Size: 809 bytes --]

The x.509 PKI is distributed.  The only problem with it is that no one
takes responsibility for anything.  I'd be happy to believe a CA about
a cert it signs if the cert itself didn't contain a screed about how
the CA absolves itself of all responsibility.

Also, the revocation problem has never been well handled.  There are
revocation servers out there but they tend to be overloaded and often
unavailable.  Shorter term keys would help, except then one of the big
advantages of having a CA would disappear, i.e., that you wouldn't
have to talk to it very often.  With revocation lists and/or short
lived keys, shared keys don't look so bad anymore.

The result is that the one org willing to take financial responsibility,
i.e. Microsoft, can get away with something as crufty as Passport.

[-- Attachment #2: Type: message/rfc822, Size: 2972 bytes --]

From: Dan Cross <cross@math.psu.edu>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] pop3 before smtp
Date: Thu, 10 Jul 2003 17:50:47 -0400
Message-ID: <200307102150.h6ALol704789@augusta.math.psu.edu>

> | What is needed is a distributed PKI.
>
> But why?  It seems easy enough to use private keys, and a nice
> protocol like SRP.

Well, the typical reason given is that you end up with this n^2 key
distribution problem.  PKI (in theory, at least) solves that via
signature chains.  Shared secret key systems like Kerberos have
attempted to solve this with authentication hierarchies, but while
e.g.  Kerberos has proliferated, the hierarchical authentication
component hasn't.

I don't understand this talk of `distributed PKI' though; isn't the
whole idea of a PKI that it's distributed to begin with?  Supposedly we
have that; it's just never really worked all that well.

It's a shame.  Public key cryptography involves some absolutely
beautiful mathematics.  Too bad people are disgusted with it due to the
poor implementations they most frequently encounter.

	- Dan C.
