[145432] in cryptography@c2.net mail archive
Re: A mighty fortress is our PKI, Part II
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Wed Jul 28 08:32:13 2010
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: ben@links.org, pgut001@cs.auckland.ac.nz
Cc: cryptography@metzdowd.com
In-Reply-To: <4C500899.4050009@links.org>
Date: Thu, 29 Jul 2010 00:18:24 +1200
Ben Laurie <ben@links.org> writes:
>I find your response strange. You ask how we might fix the problems, then you
>respond that since the world doesn't work that way right now, the fixes won't
>work. Is this just an exercise in one-upmanship? You know more ways the world
>is broken than I do?
It's not just that the world doesn't work that way now, it's quite likely that
it'll never work that way (for the case of PKI/revocations mentioned in the
message, not the original SNI). We've been waiting for between 20 and 30
years (depending on what you define as the start date) for PKI to start
working, and your reponse seems to indicate that we should wait even harder.
If I look at the mechanisms we've got now, I can identify that commercial PKI
isn't helping, and revocations aren't helping, and work around that. I'm
after effective practical solutions, not just "a solution exists, QED"
solutions.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
