[10127] in cryptography@c2.net mail archive
Re: CFP: PKI research workshop
daemon@ATHENA.MIT.EDU (Arnold G. Reinhold)
Mon Jan 14 21:15:53 2002
Message-Id: <v04210103b869056d3365@[192.168.0.2]>
In-Reply-To: <3C4310C0.7BC2A3A8@research.att.com>
Date: Mon, 14 Jan 2002 17:58:56 -0500
To: "John S. Denker" <jsd@research.att.com>
From: "Arnold G. Reinhold" <reinhold@world.std.com>
Cc: EKR <ekr@rtfm.com>, Ben Laurie <ben@algroup.co.uk>,
kudzu@tenebras.com, Carl Ellison <cme@acm.org>,
Phillip Hallam-Baker <hallam@ai.mit.edu>,
SPKI Mailing List <spki@wasabisystems.com>,
cryptography@wasabisystems.com
At 12:09 PM -0500 1/14/02, John S. Denker wrote:
>...
>Returning to PKI in particular and software defects in
>particular: Let's not make this a Right-versus-Wrong
>issue. There are intricate and subtle issues here.
>Most of these issues are negotiable.
>
>In particular, you can presumably get somebody to insure
>your whole operation, for a price. In the grand scheme
>of things, it doesn't matter very much whether you (the
>PKI buyer/user) obtain the insurance directly, or whether
>the other party (the PKI maker/vendor) obtains the insurance
>and passes the cost on to you. The insurer doesn't much
>care; the risk is about the same either way.
>

The point is that the risks are not the same. A CA can lower the cost
of insurance it sells by taking additional precautions to reduce
risk. The CA is also in a better position to estimate the true
premium. A third party has to charge a very high premium since it is
in a poorer position to make an accurate assessment of the risk.

There would be a way for third parties to reduce their risk if some
simple mechanism existed for independent verification of
certificates. I once proposed that all PGP users display a small card
containing their key fingerprint in a window near their front door.
The corporate equivalent would be for organizations to display a hash
of a master signing key in their main and branch lobbies. Anyone
could then verify this key if they wanted to. There might be a bounty
for discovering any irregularity. A network of certificate insurers
might develop who would go from office to office recording
fingerprints and then selling lists by subscription along with a
guarantee of reimbursement for damages up to a certain amount if any
of their data were incorrect.

Arnold Reinhold
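
Added example, not part of the original message: a Python sketch of the independent check described above, in which a key received over the network is compared with fingerprints copied by hand from the displays at several offices. The SHA-256 fingerprint, the function names, the two-site quorum and the sample key bytes are assumptions made for illustration.

```python
import hashlib
import hmac

HEX = set("0123456789abcdef")

def fingerprint(key_bytes):
    """Hex SHA-256 of the encoded signing key (hash choice is an assumption)."""
    return hashlib.sha256(key_bytes).hexdigest()

def normalize(transcribed):
    """Drop spacing, colons and letter case from a hand-copied fingerprint."""
    return "".join(ch for ch in transcribed.lower() if ch in HEX)

def audit(presented_key, sightings, quorum=2):
    """Check a presented key against fingerprints recorded on site.

    sightings maps a location name to the fingerprint copied there.
    The key is accepted only if at least `quorum` sites match it and
    no recorded site disagrees; any disagreement is an irregularity.
    """
    want = fingerprint(presented_key)
    seen = {site: normalize(fp) for site, fp in sightings.items()}
    matching = sorted(s for s, fp in seen.items()
                      if hmac.compare_digest(fp, want))
    dissenting = sorted(s for s in seen if s not in matching)
    return {
        "verified": len(matching) >= quorum and not dissenting,
        "matching": matching,
        "dissenting": dissenting,
        # Sites that disagree with each other need investigating even
        # when the presented key happens to match some of them.
        "sites_consistent": len(set(seen.values())) <= 1,
    }

# Constructed sample data: placeholder byte strings, not real keys.
GENUINE_KEY = b"constructed-example-master-signing-key"
SUBSTITUTED_KEY = b"constructed-example-substituted-key"
_fp = fingerprint(GENUINE_KEY)
SIGHTINGS = {
    "main lobby": " ".join(_fp[i:i + 4] for i in range(0, 64, 4)).upper(),
    "branch A": _fp,
    "branch B": ":".join(_fp[i:i + 2] for i in range(0, 64, 2)),
}

if __name__ == "__main__":
    print(audit(GENUINE_KEY, SIGHTINGS))
    print(audit(SUBSTITUTED_KEY, SIGHTINGS))
```
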