CDR: Re: Public Key Infrastructure: An Artifact...

Tim May tcmay at got.net
Mon Nov 20 12:38:57 PST 2000


At 11:40 AM -0800 11/20/00, Ray Dillinger wrote:
>On Mon, 20 Nov 2000 Lynn.Wheeler at firstdata.com wrote:
>
>>as pure aside ... any SSL server certificate signed by any CA
>>  in my browser's CA list is acceptable.
>>
>>my browser makes no distinction on which CA signed what ...
>>  and/or even what they signed. If I get a certificate signed
>>  by any CA in my browser's list that says foo.bar ...
>
>
>I think that one of the major problems with PKI is the "binary-ness"
>of it.  Everything gets shoveled into "acceptable" or "not acceptable"
>at the end of the process, but I don't think it's appropriate in
>trust decisions to have stuff shoveled into "acceptable" and "not
>acceptable" piles at the very beginning.
>
>We can't give a numeric score to the degree of trust we place in a
>CA.  There's no protocol for exchanging information about breaches
>in trust regarding particular certs, so we can't have a policy for
>auto-updating our trust model.

These problems with binary trust in hierarchical models ("trust this 
cert because the highest node said to trust it") have been dealt with 
many, many times.

Cf. my own articles on probabilistic networks, belief networks, and 
Dempster-Shafer measures of belief.

I don't even see how thoughtful people can continue to believe this 
is still a debatable issue. Those pushing X.509 and similar 
hierarchical systems have their own statist axes to grind...and they 
like the commission they get off of each of the King's certs.


--Tim May



-- 
(This .sig file has not been significantly changed since 1992. As the
election debacle unfolds, it is time to prepare a new one. Stay tuned.)
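
An added illustration, not part of the original message or of the articles it cites: a minimal Python sketch of Dempster's rule of combination applied to the certificate-trust question in this thread, yielding a belief/plausibility interval instead of a binary accept/reject. The reliability figures, the "breach report" evidence source, and all function names are constructed assumptions.

```python
from itertools import product

VALID, BOGUS = "valid", "bogus"
THETA = frozenset({VALID, BOGUS})  # whole frame: mass here means "don't know"

def combine(m1, m2):
    """Dempster's rule: multiply masses, keep intersections, renormalise."""
    raw, conflict = {}, 0.0
    for (a, wa), (b, wb) in product(m1.items(), m2.items()):
        inter = a & b
        if inter:
            raw[inter] = raw.get(inter, 0.0) + wa * wb
        else:
            conflict += wa * wb  # the two sources contradict each other
    if conflict >= 1.0:
        raise ValueError("sources are in total conflict")
    return {s: w / (1.0 - conflict) for s, w in raw.items()}

def belief(m, hyp):
    """Mass that strictly supports hyp (lower bound)."""
    return sum(w for s, w in m.items() if s <= hyp)

def plausibility(m, hyp):
    """Mass that does not contradict hyp (upper bound)."""
    return sum(w for s, w in m.items() if s & hyp)

def ca_signature(reliability):
    """Assumption: a CA signature supports 'valid' with weight = reliability."""
    return {frozenset({VALID}): reliability, THETA: 1.0 - reliability}

def breach_report(strength):
    """Assumption: a reported breach supports 'bogus' with this weight."""
    return {frozenset({BOGUS}): strength, THETA: 1.0 - strength}

def assess(evidence):
    """Fold all evidence together; return (belief, plausibility) of 'valid'."""
    m = {THETA: 1.0}  # start from total ignorance
    for e in evidence:
        m = combine(m, e)
    v = frozenset({VALID})
    return belief(m, v), plausibility(m, v)

if __name__ == "__main__":
    # Constructed scores: two CAs vouch for the same name/key binding.
    print("two signatures:    ", assess([ca_signature(0.9), ca_signature(0.6)]))
    # Same strong CA, but a breach report about that cert is also on file.
    print("signature + breach:", assess([ca_signature(0.9), breach_report(0.5)]))
```

The gap between belief and plausibility is the uncommitted mass, which a binary "in the CA list or not" decision has no way to represent.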




