Public keys can be used to provide some degree of trust propagation w/o the problems associated with shared secrets ... independent of key-exchange for session confidentiality.
Certificates were designed to provide for offline trust propagation (i.e. a trusted 3rd party generating paper credentials in the days of sailing ships ... for things like letters of credit).
Two possible online scenarios for online trust propagation were an online domain name infrastructure providing the public key as part of the online hostname resolution response ... and licensing/certification agencies providing the public key as part of a trust lookup.
Trust propagation also works going from a highly authenticated environment ... which might register a public key with a relying party; to a quickly authenticated environment for remote, non-face-to-face transactions with a digital signature (the digital signature would be a mathematical encapsulation of the authentication business process that occurred as part of public key registration). Asymmetric algorithms have some advantages over traditional shared-secret algorithms in that there can be lower maintenance expense at the relying party (i.e. the security exposure associated with divulging a shared secret).
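As an added example (not code from the post), the registration-then-remote-transaction flow described above, in Go with the standard library's Ed25519: the account holder registers a public key in the highly authenticated environment, the relying party stores only that public key plus a note of the authentication process it witnessed, and later remote transactions are accepted when their signature verifies against the registered key. The record layout, the "LoA" label and the account identifiers are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// RegisteredKey is the relying party's record of a registration: the public key
// plus a note of the authentication process performed (record format assumed).
type RegisteredKey struct {
	Pub ed25519.PublicKey
	LoA string // constructed label, e.g. "in-person, two forms of ID"
}
// RelyingParty keeps public keys only: a leak of this store divulges nothing
// that lets anyone forge a transaction, unlike a shared-secret store.
type RelyingParty struct{ keys map[string]RegisteredKey }

func NewRelyingParty() *RelyingParty { return &RelyingParty{keys: map[string]RegisteredKey{}} }

// NewSigner creates the key pair; the private half stays with the account holder.
func NewSigner() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}
// Register binds an account to a public key in the highly authenticated environment.
func (rp *RelyingParty) Register(account string, pub ed25519.PublicKey, loa string) {
	rp.keys[account] = RegisteredKey{Pub: pub, LoA: loa}
}
// SignedTransaction is what the remote, non-face-to-face party submits.
type SignedTransaction struct {
	Account   string
	Body, Sig []byte
}
// Sign runs in the remote environment; only the signer holds priv.
func Sign(priv ed25519.PrivateKey, account string, body []byte) SignedTransaction {
	return SignedTransaction{Account: account, Body: body, Sig: ed25519.Sign(priv, body)}
}

// Verify is the quick online step: check the signature against the registered key
// and return the registration record's LoA as evidence of the original authentication.
func (rp *RelyingParty) Verify(tx SignedTransaction) (string, error) {
	rk, ok := rp.keys[tx.Account]
	if !ok {
		return "", errors.New("no registered key for account")
	}
	if !ed25519.Verify(rk.Pub, tx.Body, tx.Sig) {
		return "", errors.New("signature does not verify against registered key")
	}
	return rk.LoA, nil
}
```

A compromised relying-party store yields only public keys, so a tampered body, an unregistered account, or a signature from a key that was never registered all fail verification.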
random refs:
http://www.garlic.com/~lynn/2000f.html#1
http://www.garlic.com/~lynn/2000f.html#3
John Kelsey
Lynn.Wheeler@firstdata.com