ietf

RE: Certificate / CPS issues

2003-06-09 20:53:08
Seems to me that if it is a chain (?) ...
Then it is only as strong as its weakest link, whichever link it might be...
\Stef

At 20:11 -0700 6/9/03, Hallam-Baker, Phillip wrote:
Number of steps is not a determinant of security.

Strength of each step and of the aggregate chain is what matters.

Strength comes from discipline and process.

The surest way to create insecurity is to fear everything you cannot control.



-----Original Message-----
From:  Christian Huitema
Sent:  Mon Jun 09 17:32:51 2003
To:    Hallam-Baker, Phillip; ietf(_at_)ietf(_dot_)org
Subject:       RE: Certificate / CPS issues 

I dispute the lower risk claim. You have more control. More control does
not mean less risk.

The PKI and the PGP model both have risks, just different risks. The PGP
model only involves the two parties; it brings the risk that the two
parties misidentify each other.  The PKI model involves a third party,
supposedly trusted by both players; it brings the risk that the third
party may make mistakes, or that the two parties mistakenly assign too
much trust to a third party. Also, any large centralized service is
bound to become a target for government and other entities.

-- Christian Huitema



