[10116] in cryptography@c2.net mail archive


Re: CFP: PKI research workshop

daemon@ATHENA.MIT.EDU (Eric Rescorla)
Mon Jan 14 13:15:58 2002

To: "Stef Caunter" <stefan.caunter@senecac.on.ca>
Cc: <cryptography@wasabisystems.com>,
	"SPKI Mailing List" <spki@wasabisystems.com>
Reply-To: EKR <ekr@rtfm.com>
Mime-Version: 1.0 (generated by tm-edit 7.108)
Content-Type: text/plain; charset=US-ASCII
From: Eric Rescorla <ekr@rtfm.com>
Date: 14 Jan 2002 09:44:16 -0800
In-Reply-To: "Stef Caunter"'s message of "Mon, 14 Jan 2002 10:55:11 -0500"
Message-ID: <kjpu4comj3.fsf@romeo.rtfm.com>

"Stef Caunter" <stefan.caunter@senecac.on.ca> writes:
> Does a user of ssl services care to know absolutely that they are
> communicating verifiably with whom they believe they have contacted, or does
> the user care to know absolutely that their communication is completely
> private?
These are inextricably connected. If you want to know that
your communications are private in the face of active attack
you need to know who you're talking to as well.

> I believe that the latter is most important; transparency through
> certificate presentation is kept deliberately expensive and is, as has been
> noted, often disclaimed by CAs, and is compromisable. It's an artificial
> system of site security perpetuated by the interests of commercial browsers.
How exactly does the difficulty of getting certificates help browser
manufacturers?

> Why can't self-verification be promoted? Why can't an nslookup call be built
> into certificate presentations?
What are you talking about? An nslookup call wouldn't help anything.
The essential problem is establishing that the public key you receive
over the network actually belongs to the person you think it does.
In the absence of a prior arrangement, the only way we know how
to do this is to have that binding vouched for by a third party.


-Ekr

-- 
[Eric Rescorla                                   ekr@rtfm.com]
                http://www.rtfm.com/
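The point Eric ends on, that the name-to-key binding must be vouched for by a third party, as an added illustration (not part of the archived message or anyone's project code): a constructed Go sketch using the standard library's Ed25519, with a hypothetical `Vouch`/`Accept` pair standing in for certificate issuance and the relying party's check. The name, keys and the "substituted key" case are all constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Binding is the assertion a third party (a CA) vouches for:
// "this name owns this public key", plus the CA's signature over both.
type Binding struct {
	Name string
	Key  ed25519.PublicKey
	Sig  []byte
}

// bindingMessage canonicalises the name/key pair that is signed.
// A NUL separator is enough here because names cannot contain NUL.
func bindingMessage(name string, key ed25519.PublicKey) []byte {
	return append([]byte(name+"\x00"), key...)
}

// Vouch is the third party's act of issuing: it signs the binding.
func Vouch(caPriv ed25519.PrivateKey, name string, key ed25519.PublicKey) Binding {
	return Binding{Name: name, Key: key, Sig: ed25519.Sign(caPriv, bindingMessage(name, key))}
}

// Accept is the relying party's check. A key received over the network
// is used only if the trusted third party vouched for exactly this
// name/key pair; a key that differs from what was vouched for fails.
func Accept(caPub ed25519.PublicKey, expectedName string, b Binding) bool {
	if b.Name != expectedName {
		return false
	}
	return ed25519.Verify(caPub, bindingMessage(b.Name, b.Key), b.Sig)
}

func main() {
	caPub, caPriv, _ := ed25519.GenerateKey(rand.Reader)  // trusted third party
	srvPub, _, _ := ed25519.GenerateKey(rand.Reader)      // the site's real key
	otherPub, _, _ := ed25519.GenerateKey(rand.Reader)    // a key nobody vouched for
	const name = "www.example.com"                        // constructed name

	b := Vouch(caPriv, name, srvPub)
	fmt.Println("vouched key accepted:", Accept(caPub, name, b))

	// The same binding but with the key replaced in transit: no longer vouched for.
	b.Key = otherPub
	fmt.Println("unvouched key accepted:", Accept(caPub, name, b))
}
```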


