Re: PKIs and trust
2003-12-14 12:37:16
At 2:14 PM -0500 12/14/03, Keith Moore wrote:
>>> I'd put this a different way. Until PKIs are able to represent
>>> the rich diversity of trust relationships that exist in the real
>>> world, they are mere curiosities with marginal practical value.
>>
>> Oh, please. Describe a trust relationship that cannot be
>> represented using current PKI technology (PKIX certs, S/MIME signed
>> messages, OpenPGP certs, OpenPGP signed messages, or SPKI certs).
>
> I trust my boss to make statements about my job.
>
> I trust my landlord to make statements about the house I rent from him.
>
> I trust my mother and my siblings to make statements about my
> immediate family.
>
> I trust my mother and my siblings to make statements about the
> identities of other family members.
>
> I trust the State of Tennessee to make statements about the
> identities of state agencies.
>
> I trust state agencies to make statements about which they have
> authority: (e.g. automobile licensing) but not to make statements
> about things that are outside of their purview.
>
> I trust the United States government to make statements about the
> identities of US government agencies.
>
> I trust US government agencies to make statements about which the
> agency has authority: (e.g. aircraft licensing, federal income tax)
> but not to make statements about things which are outside of their
> purview.
>
> I trust my employer to make assertions about the identities of its
> officers and/or other employees, for the purpose of establishing
> identity for work-related communications, but not for other purposes.
>
> Now if you can show me a tool that will translate statements like
> the above (or other statements that ordinary humans can understand)
> into data structures that existing PKI-based tools will interpret
> reliably and correctly, I'll be extremely impressed.

All of those statements, assertions, and so on can be made in simple
signed messages. When you get a message with statements about your
job, you verify that the message has been signed using your boss'
public key. What's the problem here?
--Paul Hoffman, Director
--Internet Mail Consortium
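
An added illustration, not part of either poster's message: the two checks this exchange turns on, shown side by side. A relying party first verifies who signed a statement, then separately decides whether that signer is trusted for the statement's topic. The textbook-RSA keys (built from known Mersenne primes, not secure), the `POLICY` table and the topic labels are all constructed for this example.

```python
import hashlib

E = 65537  # public exponent shared by the toy keys

def toy_keypair(p, q):
    """Textbook RSA from two known primes. Illustration only, not secure."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def _digest(message, n):
    return int.from_bytes(hashlib.sha256(message.encode()).digest(), "big") % n

def sign(private_key, message):
    n, d = private_key
    return pow(_digest(message, n), d, n)

def signature_ok(public_key, message, signature):
    n, e = public_key
    return pow(signature, e, n) == _digest(message, n)

# Constructed signers, built from Mersenne primes so the example runs offline.
BOSS_PUB, BOSS_PRIV = toy_keypair(2**89 - 1, 2**107 - 1)
LANDLORD_PUB, LANDLORD_PRIV = toy_keypair(2**61 - 1, 2**127 - 1)

# Relying party's policy: which key may speak on which topic (hypothetical labels).
POLICY = {
    "boss": (BOSS_PUB, {"job"}),
    "landlord": (LANDLORD_PUB, {"rented-house"}),
}

def accept(signer, topic, statement, signature):
    """Return (accepted, reason). The signature covers topic and statement."""
    if signer not in POLICY:
        return False, "unknown signer"
    public_key, topics = POLICY[signer]
    if not signature_ok(public_key, f"{topic}\n{statement}", signature):
        return False, "bad signature"
    if topic not in topics:
        return False, "signer not trusted for this topic"
    return True, "ok"

def demo():
    job = sign(BOSS_PRIV, "job\nThe review is due Friday")
    house = sign(BOSS_PRIV, "rented-house\nThe lease ends in May")
    forged = sign(LANDLORD_PRIV, "job\nThe review is cancelled")
    return [accept("boss", "job", "The review is due Friday", job),
            accept("boss", "rented-house", "The lease ends in May", house),
            accept("boss", "job", "The review is cancelled", forged)]
```

The second result in `demo()` carries a valid signature from the boss's key and is still rejected, because the topic restriction lives in the relying party's local table rather than in the signed message.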