CDR: Re: Public Key Infrastructure: An Artifact...

[Ray Dillinger]

On Mon, 20 Nov 2000 Lynn.Wheeler at firstdata.com wrote:

>as pure asside ... any SSL server certificate signed by any CA 
> in my browswer's CA list is acceptable.
>
>my broswer makes no distinction on which CA signed what ... 
> and/or even what they signed. If I get a certificate signed 
> by any CA in my browswers list that says foo.bar ... 


I think that one of the major problems with PKI is the "binary-ness" 
of it.  Everything gets shoveled into "acceptable" or "not acceptable" 
at the end of the process, but I don't think it's appropriate in 
trust decisions to have stuff shoveled into "acceptable" and "not 
acceptable" piles at the very beginning. 

We can't give a numeric score to the degree of trust we place in a 
CA.  There's no protocol for exchanging information about breaches 
in trust regarding particular certs, so we can't have a policy for 
auto-updating our trust model.  If I get a spoofed cert from a CA, 
and notice it, I ought to be able to downgrade the trust in that CA 
- without necessarily removing ALL trust in that CA.  Furthermore, 
my system ought to pass along the news about the spoofed cert, along 
with the signature that proves it came from that CA, so that other 
systems can do the same. 

"Gossip" is really the only way a robust trust model can work. 
systems have to at least be ABLE to notify and inform one another 
when there's a breach of trust involving a CA, and different 
people have to be able to set the threshold for trust at different 
points. 


				Bear