[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [E-CARM] PKI, CAs, TTPs &c.


Unless I badly misunderstand you, this is one reason for the existence
of the SPKI working group.  It begins with the notion, illustrated by
the design, implementation, and subsequent operations of the Internet
itself, that centralized control structures don't scale.  From there it
observes that the verifier of a message is the ultimate root authority,
and thus that all authority which it recognizes effectively flows from
itself.  My interest in SPKI has always been from the perspective of
wanting standardized code to do what must otherwise be accomplished with
lots of custom coding for each type of authorization.  PKIX is clearly
not interested in this; they are already committed to using X.509 to do
the job.  The cert-talk list is probably not interested in this either;
the emphasis there seems to be concentrating on applying existing products
and standards.

I think it's a very good thing to talk about.


Brian Thomas, CISSP - Distributed Systems Architect  bt0008@sbc.com
Southwestern Bell                                    bthomas@primary.net
One Bell Center,  Room 34G3                          Tel: 314 235 3141
St. Louis, MO 63101                                  Fax: 314 235 0162

> From: George Capehart <gcapehart@mindspring.com>
> First, *MAJOR* apologies for cross-posting like this, but I have been
> having the same questions as those posed below.  I know that there have
> been various threads in the different groups that have touched on them,
> but most have taken tangents at some point or another or simply weren't
> appropriate for the list.  I, for one, would like to attack this whole
> area.  I changed jobs and ISPs a while back and have had a *really* hard
> time getting caught back up.  I have a feeling this would be a forum
> that would allow the thoughts and work being done by the different
> groups to converge.  I'd like to see discussion of these topics
> progress, whether on this list, in private or <shudder> on a new list if
> need be . . .
> pj ponder wrote:
> > 
> > Is this a good time to discuss the practicality of certificate and
> > CA based public key infrastructure?  Is there any interest in discussing
> > whether truly open PKI is viable? Trusted third parties?  Cross
> > certification?  If you are interested in this, or have an opinion on the
> > trust or business models represented by open PKI and public CAs, we can
> > either discuss it here, or in private email.  I'm hearing a general
> > rumbling that indicates it just won't work - not from a technical
> > viewpoint, we know the math works - but from a practical perspective of
> > how it might be implemented.
> rgds,
> -- 
> /*  George Capehart    gcapehart@mindspring.com      +1 704.866.9151  *
>  *                                                                    *
>  *  "If you push something hard enough, it will fall over."           *
>  *                          Fudd's First Law of Opposition            */