16 Nov 2000, 5:21 p.m.
On Sat, 11 Nov 2000, R. A. Hettinga wrote:
Conventional, hierarchical PKI, built around the ISO standard X.509, has been, and will continue to be, a substantial failure. This paper examines that form of PKI architecture, and concludes that it is a very poor fit to the real needs of cyberspace participants. The reasons are its inherently hierarchical and authoritarian nature, the unreasonable presumptions it makes about the security of private keys, a range of other technical defects, confusions about what it is that a certificate actually authenticates, and its inherent privacy-invasiveness. Alternatives are identified.
In the vast majority of cases, preventing man in the middle attacks is a waste of time. -Bram Cohen