[125199] in cryptography@c2.net mail archive


Re: Can we copy trust?

daemon@ATHENA.MIT.EDU (Ed Gerck)
Tue Jun 3 16:30:41 2008

Date: Tue, 03 Jun 2008 09:03:26 -0700
From: Ed Gerck <edgerck@nma.com>
To: Ben Laurie <ben@links.org>
CC: Cryptography <cryptography@metzdowd.com>
In-Reply-To: <4844AE47.4080006@links.org>

Ben Laurie wrote:
> Obviously. Clearly I am talking about a server in a different domain.

And we (Kelly and I) were talking about copying trust, where a copy is 
(as usual) a reproduction, a replication of an original. If you are 
copying trust from a domain, as represented by an SSL cert signed by a 
trusted CA, it should be a reproduction of /that/ trust -- not trust 
on a different domain.

If you want to "copy" trust to a different domain, then we need to 
transfer the trust. This is also /possible/, as you know, as long as 
the issuing CA has set the "CA bit" in the SSL certificate. Object 
Signing CA certs must have the Object Signing CA bit set.

In summary, in SSL you can both copy and transfer trust. Without 
further evidence, which can be provided in pvt if desired by anyone, 
(1) SSL is not the only such example on the Internet; and (2) we can 
likewise copy and transfer trust in our social interactions, not just 
in our digital interactions.

Cheers,
Ed Gerck

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
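
Added example, not part of the message above: a validator-side check of the "CA bit", assuming it refers to the cA flag of the X.509 basicConstraints extension (RFC 5280, section 4.2.1.9). The function names and the sample extension bytes are constructed for illustration.

```python
def read_tlv(buf, pos=0):
    """Decode one DER element at pos; return (tag, value_bytes, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def parse_basic_constraints(ext_value):
    """Return (is_ca, path_len) from BasicConstraints ::= SEQUENCE
    { cA BOOLEAN DEFAULT FALSE, pathLenConstraint INTEGER OPTIONAL }."""
    tag, body, end = read_tlv(ext_value)
    if tag != 0x30 or end != len(ext_value):
        raise ValueError("not a single DER SEQUENCE")
    is_ca, path_len, pos = False, None, 0
    if pos < len(body) and body[pos] == 0x01:  # BOOLEAN cA
        _, val, pos = read_tlv(body, pos)
        if val not in (b"\xff", b"\x00"):
            raise ValueError("malformed BOOLEAN")
        is_ca = val == b"\xff"
    if pos < len(body) and body[pos] == 0x02:  # INTEGER pathLenConstraint
        _, val, pos = read_tlv(body, pos)
        if not val or val[0] & 0x80:
            raise ValueError("empty or negative pathLenConstraint")
        path_len = int.from_bytes(val, "big")
    if pos != len(body):
        raise ValueError("unexpected trailing data")
    return is_ca, path_len

def may_issue(ext_value, certs_below=0):
    """True if the holder may sign certificates with certs_below further CA
    certificates under it. ext_value is None when the extension is absent."""
    if ext_value is None:                      # no extension: not a CA
        return False
    is_ca, path_len = parse_basic_constraints(ext_value)
    return is_ca and (path_len is None or certs_below <= path_len)

# Constructed sample extension values (not taken from any real certificate).
LEAF = bytes.fromhex("3000")                # empty SEQUENCE: cA defaults to FALSE
ROOT = bytes.fromhex("30030101ff")          # cA=TRUE, no path length limit
SUB_CA = bytes.fromhex("30060101ff020100")  # cA=TRUE, pathLenConstraint=0
```

A certificate whose extension is absent or whose cA flag is not asserted is rejected as an issuer, so a server certificate for one domain cannot extend its trust to another domain by signing for it.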
