[10140] in cryptography@c2.net mail archive


Re: CFP: PKI research workshop

daemon@ATHENA.MIT.EDU (D. A. Honig)
Tue Jan 15 14:12:22 2002

Message-Id: <3.0.5.32.20020115104830.007ca6b0@mail.orng1.occa.home.com>
Date: Tue, 15 Jan 2002 10:48:30 -0800
To: EKR <ekr@rtfm.com>, "Stef Caunter" <stefan.caunter@senecac.on.ca>
From: "D. A. Honig" <dahonig@home.com>
Cc: <cryptography@wasabisystems.com>
In-Reply-To: <3.0.5.32.20020115061645.0079c310@mail.orng1.occa.home.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"

>[The
>question isn't some sort of mystification of identity -- it is being
>able to know that you're talking to the same "Dear Abby" your friends
>have talked to and that you talked to last week. 

Here you're talking about "reputation of nyms", which doesn't require
third parties or certs, just well-kept secret keys of a PK pair.
If the remote entity keeps using the same PK keys, you can reasonably
update reputation based on that alone. (They're essentially signing
their behaviors.)

[Moderator's note: I fully agree. I was disputing only the notion that
unauthenticated connections were sufficient. Authentication does not
require certificates or third parties -- see the way SSH handles keys
for example. --Perry]


>Now that MIM attacks
>have been automated they don't even need sophistication to conduct. --Perry]

Since a signed cert is useful for recovering ZERO dollars from the signer,
if you've been defrauded by some entity, the end result is the same if a MIM 
defrauds you.  

A *trusted* signer would solve the confidentiality loss problem but not
the financial liability problem.  But given that signers will sign
*anything* (and why not, they have no financial liability and little
useful reputation to lose) this is a small difference.

dh
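
The key-continuity idea discussed in this message (reputation attached to a persistent public key, as SSH does with known hosts), sketched as an added example that is not part of the original post. The `NymStore` class, the nym name and the key bytes are hypothetical, and the sketch assumes the caller has already verified a signature made with the presented public key.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed sample public keys (placeholder bytes, not real key material).
KEY_A = b"constructed-public-key-A"
KEY_B = b"constructed-public-key-B"


@dataclass
class NymRecord:
    fingerprint: str     # SHA-256 of the public key pinned on first contact
    reputation: int = 0  # score tied to the key, not to a certified name


class NymStore:
    """Trust-on-first-use pinning with per-key reputation (hypothetical helper)."""

    def __init__(self):
        self._nyms = {}

    @staticmethod
    def fingerprint(public_key: bytes) -> str:
        return hashlib.sha256(public_key).hexdigest()

    def observe(self, nym: str, public_key: bytes, delta: int = 0) -> str:
        """Record one interaction; assumes the peer proved possession of
        the private key. Returns 'first-use', 'match' or 'MISMATCH'."""
        fp = self.fingerprint(public_key)
        rec = self._nyms.get(nym)
        if rec is None:
            # No third party vouches for this key: pin it and start scoring.
            self._nyms[nym] = NymRecord(fp, delta)
            return "first-use"
        if not hmac.compare_digest(rec.fingerprint, fp):
            # Different key under a known nym: possible man in the middle,
            # so the pinned key's reputation is left untouched.
            return "MISMATCH"
        rec.reputation += delta
        return "match"

    def reputation(self, nym: str):
        rec = self._nyms.get(nym)
        return None if rec is None else rec.reputation
```

The first contact remains the unauthenticated moment; continuity only shows that later sessions reach the holder of the same key.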














---------------------------------------------------------------------
The Cryptography Mailing List