[Top] [All Lists]

Re: Weakening the rigid heirarchical trust model

1997-12-30 07:31:45

My feeling on this, and one that is backed up by management at
Microsoft, is that Microsoft does not want to even think about the
responsability of deciding on what basis a Certificate Authority should
be judged and then try and do the necessary follow up work in order to
make sure that the standards are being held to.  

While I would agree to this point, it does not mean that the user
is necessarily going to have no guidance on what standards and
precautions a CA takes. There are auditing standards for security
such as SAS 70, there are even companies who make a business
essentially out of accrediting CAs (gosh guess who they might be!)

In the end the user MUST be the one resonsible for make the judgement
call about what is and is not a good CA for their purposes.  

I agree with this point as well and would use it to utterly refute
David and Ed's arguments against self signed certs and such.

There are no 'high security' protocols, the class simply cannot
exist. There are only high security _systems_, that is systems
comprising protocols and operating proceedures which
together provide a given level of assurance that certain
specified risks have been guarded against.

The only valid reason for restricting a protocol in the manner 
suggested would be if the forbiden mode of operation was
inherently insecure. It is not. The problem with Web of Trust
is that the folk who can use it competently is probably less
than one percent of the population and the largest feasible 
community of trust is about ten thousand folk. I accept the
fact that Jeff Schiller has the ability to issue ten thousand 
odd PGP certs to MIT's Athena users, but guess what? he is
acting as a CA. There is no essential difference between the
MIT PGP cert server and their X.509 cert server except that
an S/MIME client makes it easy to note that there is something
rather special about the X.509 root certificate.

I think we should let this argument rest. Open PGP has at this
point only one supporter of consequence, Qualcomm. With
everyone else in the S/MIME camp and PGP just rescued
from bankrupcy the outcome is not hard to guess. We should
be looking to see how we can salvage what is best from the 
PGP experiment rahter than continue to fight a war that
has been won as far as the desktop goes.

The problem we have is that many of the people who are the 
natural early adopter constituency for S/MIME have not
realised that PGP is dead. In other words we have won the
standards battle but not the mind share battle.

I see no reason to alienate a significant user base simply to
trample on the remains of a PKI model that isn't viable in
any case. I don't think that most PGP users want to be a
CA, they just want to have that option.