
Re: key management




Phil Karn: 
> Perry's concerns are valid, but they all seem to address what I'd call
> certificate management, as opposed to session key management which is
> what we're really discussing right now. In the tried-and-true
> tradition of the Internet, we've been building IP security bottom-up,
> which I think is the right thing to do.

If we design the bottom elements before designing the certificate 
management, we need to make sure that these elements are independent
of any particular model of certificate management, whether hierarchical,
web of trust, or some of the interesting Kerberos-inspired ideas Perry
has proposed.  Indeed, perhaps we should not assume that _any_ 
certificate management scheme will work.  I'm seeing a trend of 
public key distribution becoming the hangup of a wide variety of
Internet commerce and security endeavors.  X.509 is widely
distrusted in the context of the Internet, and the informal PGP 
web of trust seems quite unsatisfactory to many.  If it doesn't 
get discussed here I hope we can find another high SNR forum for it.

Nick Szabo					szabo@netcom.com 

