CDR: Schneier: Why Digital Signatures are not Signatures (was Re: CRYPTO-GRAM, November 15, 2000)
Jim Choate
ravage at ssz.com
Wed Nov 15 20:56:07 PST 2000
On Wed, 15 Nov 2000, Mac Norton wrote:
> I think we knew that, but the particular problem posited here is
> that Alice's sig can be associated with a record she never saw,
> an acute symptom, not a chronic one, I'd hope. But I have asked
> for education in that regard, and hope it's forthcoming.
If 'you' knew that, nobody could tell from the comments. The general
cypherpunks view seems to be the PGP web-of-trust is sufficient (and they
are woefully wrong).
This is actualy one of the two key problems with PKC management,
authentication/verification. The other being scaling. The
authentication/verification problem itself has two branches. The first
being submitter/user authentication and the other being
protocol/implimentation verification.
As to scaling, I've been touting 'small network' approaches for years. It's
interesting that Napster and it's ilk are just that. Couple this with a
universal namespace (ala Plan 9) and some service like LDAP and you might
have a usable system. Couple this with a cryptographicaly secure network
layer (this is another key management problem also) and 'indepenent' or
open source nameservers (for IP resolution, not to be confused with the
'working' namespace I mention above).
The only thing I've seen that looks remotely workable is completely
distributed and open sourced. The problem is setting up the not-for-profit
namespace and key registries (assuming the problems above are resolved).
How should they be funded?
There is no real answer to any of them at the current time though.
____________________________________________________________________
He is able who thinks he is able.
Buddha
The Armadillo Group ,::////;::-. James Choate
Austin, Tx /:'///// ``::>/|/ ravage at ssz.com
www.ssz.com .', |||| `/( e\ 512-451-7087
-====~~mm-'`-```-mm --'-
--------------------------------------------------------------------
More information about the cypherpunks-legacy
mailing list