-- On 7 Sep 2003 at 7:00, Thomas Shaddack wrote:
Central certification authority has its risks and advantages. Remembering the fingerprints of known keys and alerting for the new or changed ones has its advantages too. Why we shouldn't have it all?
Why there couldn't be a system that would keep the database of known keys and report changes and new keys, like SSH does, and at the same give the possibility to sign the keys by several CAs? Effectively turning the hierarchy with potentially vulnerable top to a much-less-vulnerable web structure?
Ideally a client that mediates interactions should get trust information from all relevant sources, and flag the user when there is something unusual about an interaction. However the more sources, the harder it is for mere software to figure out what is meaningful and relevant, and therefore the greater the risk that one will wind up continually throwing irrelevant dialog boxes at the user, which the user eventually learns to click through and ignore. It is hard to do what you propose. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG McThKMMEVOKkdz4RWIcbMuoi2/6QWYqfbndp1rrO 4NHj3GqtByVC9gs20vzoMmlt0cJTw1eJUCwsGHG/S