ietf-smime

Re: Weakening the rigid hierarchical trust model

1997-12-30 15:27:16
David P. Kemp wrote:

> From: David Sternlight <david(_at_)sternlight(_dot_)com>
>
> any means except S/MIME.
>
> Not bad! If a user has to exercise positive seeking behavior to get a
> self-signed CA cert ...
>
> Get a clue, please.

This is the first personal attack in this discussion. It has no place here. It
brings into question the rest of your contribution.

> The "any means except S/MIME" suggestion was intended
> to demonstrate absurdity, not be taken seriously.

Nevertheless it is a good idea and I give you full credit. It wouldn't be the
first time someone thinking they were offering a straw man inadvertently
stumbled onto an insight. Since self-signed CA certs not meeting agreed trust
standards are an inherent opening for weakness, we should make that "opening"
in the system fail-safe via the standard. Positive seeking behavior is a way
to insure that the user can't accidentally foul up either through carelessness
or under the pressure of time. It must be the user's thoughtful act that
permits that, not a "push" followed by a possibly naive user simply going along.

Judging by your e-mail address, don't you work for an organization that spends
a lot of time on the concept of fail-safe crypto and authentication systems?
Why not bring some of that flavor (appropriately tailored) to benefit this
group's work?

Do you have some local agenda involving self-signed CAs? If so, perhaps it is
worth discussing openly as part of the evolution of understanding of this issue.


> "Positive seeking behavior" is a property of applications, not of
> protocols.

It is a property of users, if they have no alternative. The standard can be so
written as to preclude push CA certificates of unknown trustworthiness, and
thus require the user to obtain them exogenously. 


> Please discuss application design and security ergonomics somewhere
> else - it is off-topic for the IETF S/MIME protocol working group.

Nice lateral arabesque. By redefining my suggestion away from inclusion in the
standard (where it CAN be included), you convert it to "application design and
security ergonomics", which in turn permits you to say "off topic." But as the
first response to my post, from the head of the IMC, said, it is both apt and
timely.

David