
TPKI - living without certificates



All the security infrastructures being developed (PKIX, DNSSEC, IPSEC,
and even SPKI) show that it is not easy to build security structures with
links into the real world. 

Are there applications that can use public key cryptography without
needing certificates to link the public keys to things or rights in 
the real world? I'd like to answer that with a very positive and definite 
"maybe". 

If such applications exist then they are important because they are
much easier to implement. They offer the hope of working our way up,
and securely bootstrapping the more conventional certificate-based
systems. But maybe experience of those certificate-free applications
will give us different ideas about how to link in to the real world.

At any rate I've written up a rough outline of what such a system might
be like at

       http://weever.vic.cmis.csiro.au/~smart/tpki.html

[TPKI stands for "Trivial Public Key Infrastructure"].

An example of a TPKI-based Bank and payment system is given in

       http://weever.vic.cmis.csiro.au/~smart/bank.html

All very rough at the moment. I'll have a go at tidying them up as
internet-drafts next weekend depending on any feedback I might get.

Bob

P.S. We are likely to be advertising soon for software engineers
who are interested in a research environment, working in security and
related Distributed Systems areas. Let me know if you would like to 
receive information about this. We are unlikely to take someone who
isn't already resident in Australia. Later in the year we are likely
to be advertising for a Project Leader [I'm acting PL at the moment].
For this non-Australians are definitely eligible. If you have a PhD 
and/or equivalent experience and a research record and want to be
kept informed about such an opening then let me know.

