Public Key Infrastructure: An Artifact...

Lynn.Wheeler at firstdata.com Lynn.Wheeler at firstdata.com
Sun Nov 19 11:45:51 PST 2000




specifically with respect to SSL server certificates ... their primary objective
was supposedly to overcome shortcomings in the domain name infrastructure
integrity (and as stated, most of the SSL server certificate issuing entities
actually also have dependencies on that integrity). Fixes for the integrity of
the domain name infrastructure ... eliminates the domain name infrastructure as
a business case/justification for the existence of those certificates.

Specifically with respect to SSL server certificates, the remaining issue is
possibly merchant/server trust (not trust with respect to internet operational
integrity ... but business/fraud trust with respect to the business operation of
the merchant/server). Establishing that trust goes beyond just having the
comfort that if you are defrauded that you might be able to identify the guilty
party. That can be addressed with an online BBB &/or consumer report type of
service providing real-time information.

Eliminating both justifications for SSL server certificates ... then makes the
vast majority of the existing SSL server certificates redundant and superfluous
(and I believe would severely impact the business case justification for setting
up an operation to provide such a service).

Now this is applicable to the current existing dominant PKI deployment in the
world today (possibly accounting for 99.999999999% of instances where there is a
certificate transmitted and a client checks the contents of that certificate).
It possibly is not applicable to any other hypothetical PKI implementation which
may or may not currently exist.







Ben Laurie <ben at algroup.co.uk> on 11/19/2000 05:03:20 AM


