From: "Major Variola (ret)" <mv@cdc.gov> Sent: Sep 17, 2004 10:27 PM To: "cypherpunks@al-qaeda.net" <cypherpunks@al-qaeda.net> Subject: Re: potential new IETF WG on anonymous IPSec
At 06:20 AM 9/17/04 +0000, Justin wrote:
On 2004-09-16T20:11:56-0700, Major Variola (ret) wrote: ... Oh, come on. Nothing can be absolutely trusted. How much security is enough?
Aren't the DOD CAs trusted enough for your tastes? Of course, 'tis problematic for civilians to get certs from there.
DoD certs are good enough for DoD slaves. Hospital certs are good enough for their employees. Joe's Bait Und Tackle certs are good enough for Joe's employees. Do you think that Verislime is good enough for you?
You seem to have rediscovered the fact that crypto can move trust around, but can't create any. You have to decide to trust someone for it to be useful. The great problem with practically using this stuff is getting someone that you're comfortable trusting, who can then use crypto to move the trust around in a sensible way. The condition necessary for Verisign certificates to have a lot of trust, to me, is for the appearance of a fraudulent Verisign certificate to be a major scandal, leading to the CEO getting canned, the stock price dropping by some large fraction, and a huge fall-off of business for their CA. When that isn't the case (for the high security certs; it's clearly silly to expect it for low-security ones), the CA doesn't have as much incentive as I'd like to be careful about forgeries. You'd like the exposure of a fraudulent certificate signed by a CA to have the same kind of effect as the exposure of a bank being unable to produce the money a depositor demands. Fraudulent certificates issued for any purpose--whether furnishing fake IDs to FBI agents, or to Al Qaida terrorists, or to random Nigerian-scam operators--leave a permanent trail; the recipient of the certificate can show it around when he discovers it's fraudulent. If the last step of this protocol for the CA is "and then you go out of business," the incentives not to issue fraudulent certificates looks right. --John