Re: key management
Phil Karn:
> Perry's concerns are valid, but they all seem to address what I'd call
> certificate management, as opposed to session key management which is
> what we're really discussing right now. In the tried-and-true
> tradition of the Internet, we've been building IP security bottom-up,
> which I think is the right thing to do.
If we design the bottom elements before designing the certificate
management, we need to make sure that these elements are independent
of any particular model of certificate management, whether hierarchical,
web of trust, or some of the interesting Kerberos-inspired ideas Perry
has proposed. Indeed, perhaps we should not assume that _any_
certificate management scheme will work. I'm seeing a trend of
public key distribution becoming the hangup of a wide variety of
Internet commerce and security endeavors. X.509 is widely
distrusted in the context of the Internet, and the informal PGP
web of trust seems quite unsatisfactory to many. If it doesn't
get discussed here I hope we can find another high SNR forum for it.
Nick Szabo szabo@netcom.com