[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: comments on client auth



At 11:59 AM 6/14/96 -0400, Bill Sommerfeld wrote:

>I'm convinced that the only robust solution to the public-key
>management problem involves smartcard-type technology.
>
>Given limited storage trusted storage space on the smartcard, this
>argues for a "you are your own root" model, with certificates for any
>third-party "roots" stored externally to the card.

To me, this isn't tied to smart cards at all.  Smart cards (especially PCMCIA cards which read thumbprints and pulses) make the bond between human user and signature key extremely strong.  Tamper resistant cards make storage of root keys secure -- and if the card does the cert chain validation itself, then you can trust the result -- but of course, you can't trust the path over which the result is communicated from the card back to you, so you haven't gained perfection.

No matter how we cut it, we're forced to risk trusting an untrustworthy system at some point.

Give that we trust the system, then we can treat the PC on my desk as if it were a tamper-resistant smart card.

In this environment, "you are your own root" is an axiom as far as I'm concerned.  You are, after all, the final authority on what you trust.