ietf-smime

Re: Re (subtopic): LDAP certificate distribution

2003-08-18 04:35:17

On Fri, Aug 15, 2003 at 10:30:11AM -0700, Steve Hole wrote:

On Thu, 14 Aug 2003 19:58:11 -0700 Julien Pierre <jpierre(_at_)netscape(_dot_)com> wrote:

Why ?

Because you have to run a root.  That is, the hierarchy has to have a top 
level interconnect.

really?

I believe RSA works fine both for subject name matching issuer name
and for any other subject name. One could put trust directly in some
CA certificate (say, a corporation-wide one) and it could be root,
self-signed or otherwise. Fine-tuned client software is the point.

This quickly becomes an issue of governance.
National governments get involved the way they got involved in DNS.   The 
difference is that the governments got involved *before* the service was 
running, not after the way they did with DNS.

One can easily sign with DSS/DSA using a widely distributed quorum system,
maybe a Shamir secret-sharing one. No single one would own
the signing key and it could be generated in shares right from the start.

regards,
Vadim
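
The quorum idea in the reply above, as an added example that is not part of the original message: t-of-n Shamir sharing over a prime field, plus a dealerless key generation in which every party contributes randomness so the key exists only as shares from the start. The modulus Q and all function names are assumptions; reconstruct() is here only to check the shares, and a real threshold DSA signing protocol (not shown) would use the shares without recombining them.

```python
import secrets

# Stand-in prime modulus (assumption); real DSA would use its subgroup order q.
Q = 2**127 - 1


def _poly_eval(coeffs, x):
    """Evaluate a polynomial (constant term first) at x mod Q, Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc


def deal(secret, t, n):
    """Split `secret` into n shares; any t of them reconstruct it."""
    if not 1 <= t <= n < Q:
        raise ValueError("need 1 <= t <= n < Q")
    # Random polynomial of degree t-1 whose constant term is the secret.
    coeffs = [secret % Q] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: _poly_eval(coeffs, i) for i in range(1, n + 1)}


def dealerless_keygen(t, n):
    """Each of n parties deals a random contribution to all the others.

    Party i's key share is the sum of the sub-shares it received. The key
    is the sum of all contributions and is never assembled in one place.
    """
    dealt = [deal(secrets.randbelow(Q), t, n) for _ in range(n)]
    return {i: sum(d[i] for d in dealt) % Q for i in range(1, n + 1)}


def reconstruct(shares):
    """Lagrange-interpolate the shared polynomial at x = 0."""
    secret = 0
    for i, y in shares.items():
        num = den = 1
        for j in shares:
            if j != i:
                num = num * (-j) % Q
                den = den * (i - j) % Q
        secret = (secret + y * num * pow(den, -1, Q)) % Q
    return secret
```

Fewer than t shares interpolate to an unrelated value, which is what keeps any sub-quorum from owning the key.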

