[146792] in cryptography@c2.net mail archive

[Cryptography] Replacing CAs (was Re: Why prefer symmetric crypto

daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Sat Sep 7 20:52:18 2013

X-Original-To: cryptography@metzdowd.com
Date: Sat, 7 Sep 2013 20:52:12 -0400
From: "Perry E. Metzger" <perry@piermont.com>
To: Derrell Piper <ddp@electric-loft.org>
In-Reply-To: <C04BBA78-EDA4-4DF5-8EDB-27F5260D3C7F@electric-loft.org>
Cc: "Marcus D. Leech" <mleech@ripnet.com>, cryptography@metzdowd.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On Sat, 7 Sep 2013 17:46:39 -0400
Derrell Piper <ddp@electric-loft.org> wrote:

> On Sep 6, 2013, at 11:51 PM, Marcus D. Leech <mleech@ripnet.com>
> wrote:
> 
> > The other thing that I find to be a "dirty little secret" in PK
> > systems is revocation.  OCSP makes things, in some ways, "better"
> > than CRLs, but I still find them to be a kind of "swept under the
> > rug" problem when people are waxing enthusiastic about PK systems.
> 
> Well, there are other saddles, as it were.  SPKI/SDSI both offer a
> path forward without needing a trusted CA...

I think that in general one doesn't need CAs much. I will point out,
again, a message I sent to the list recently in which I propose that
simple demonstration of long term use and association may be
sufficient for ordinary purposes:

http://www.metzdowd.com/pipermail/cryptography/2013-August/016870.html
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
