
Re: comments on client auth



At 10:40 PM 6/14/96 +1000, Bob Smart wrote:

>Can we start a mailing list spki.advocacy for these arguments? I won't
>subscribe. In the meantime can I ask that people not be suckered in
>to these arguments. I already wish I'd taken my own advice...

If SPKI were a USENET newsgroup, I'd suggest talk.politics.spki :)
Message-Id: <2.2.32.19960614172435.0082437c@cybercash.com>
Date: Fri, 14 Jun 1996 13:24:35 -0400
To: Bill Sommerfeld <sommerfeld@apollo.hp.com>
From: Carl Ellison <cme@cybercash.com>
Subject: Re: comments on client auth 
Cc: "Brian M. Thomas" <bt0008@entropy.sbc.com>, spki@c2.org,
        hallam@Etna.ai.mit.edu

At 11:59 AM 6/14/96 -0400, Bill Sommerfeld wrote:

>I'm convinced that the only robust solution to the public-key
>management problem involves smartcard-type technology.
>
>Given limited trusted storage space on the smartcard, this
>argues for a "you are your own root" model, with certificates for any
>third-party "roots" stored externally to the card.

To me, this isn't tied to smart cards at all.  Smart cards (especially
PCMCIA cards which read thumbprints and pulses) make the bond between human
user and signature key extremely strong.  Tamper resistant cards make
storage of root keys secure -- and if the card does the cert chain
validation itself, then you can trust the result -- but of course, you can't
trust the path over which the result is communicated from the card back to
you, so you haven't gained perfection.

No matter how we cut it, we're forced to risk trusting an untrustworthy
system at some point.

Given that we trust the system, then we can treat the PC on my desk as if it
were a tamper-resistant smart card.

In this environment, "you are your own root" is an axiom as far as I'm
concerned.  You are, after all, the final authority on what you trust.


+--------------------------------------------------------------------------+
|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                              http://www.cybercash.com/    |
|207 Grindall Street           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103       T:(410) 727-4288     F:(410)727-4293        |
+--------------------------------------------------------------------------+