[15039] in cryptography@c2.net mail archive
Re: Ousourced Trust (was Re: Difference between TCPA-Hardware and
daemon@ATHENA.MIT.EDU (Rich Salz)
Sat Dec 27 00:33:20 2003
X-Original-To: cryptography@metzdowd.com
Date: Tue, 23 Dec 2003 14:01:53 -0500
From: Rich Salz <rsalz@datapower.com>
To: Anne & Lynn Wheeler <lynn@garlic.com>
Cc: cryptography@metzdowd.com
In-Reply-To: <4.2.2.20031223072647.00b68a20@mail.earthlink.net>
> 2) certificates were fundamentally designed to address a trust issue in
> offline environments where a modicum of static, stale data was better
> than nothing

How many years have you been saying this, now? :) How do those modern
online environments achieve end-to-end content integrity and privacy?
My guess is that they don't; their use of private value-add networks
made it unnecessary. If my guess is/was correct, then as more valuable
transactions (or regulated data) flow over the commodity Internet, then
those things will become important. Make sense? Am I right?

If so, then I believe that we need a federated identity and management
infrastructure. The difference is that the third-party PKI enrollment
model still doesn't make sense, and organizations will take over their
own identity issues, as with SAML and Liberty. Once you do that, adding
"publicKey" as just another attribute is no big deal. With any luck,
the new year will bring the analogy SOAP::other middleware as SAML::x.509 :)

/r$
--
Rich Salz, Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html