Re: PKIs and trust

I think Keith has mixed up authentication with authorization.  It is 
true that I will only trust certain people in certain ways.  But > whether 
those certain people are who they are, and whether a message > from is in 
fact from them, is something we can determine with PKIs.


No it's not, because the CAs aren't trustworthy for all purposes. 

The example I used to give was that I'd never trust the US government's
certificate of Phil Zimmerman's key, because the US government had plenty of 
reasons to misrepresent Phil Zimmerman.   Similarly I wouldn't
trust VeriSign's certificate to verify the signature on anything that had to do 
with DNS governance.

<Prev in Thread]	Current Thread	[Next in Thread>
Re: PKIs and trust, (continued) Re: PKIs and trust, Masataka Ohta RE: PKIs and trust, Al Arsenault Re: PKIs and trust, Masataka Ohta Re: PKIs and trust, Valdis . Kletnieks Re: PKIs and trust, Paul Hoffman / IMC Re: PKIs and trust, Valdis . Kletnieks Re: PKIs and trust, Paul Hoffman / IMC Re: PKIs and trust, Valdis . Kletnieks Re: PKIs and trust, Eliot Lear Re: PKIs and trust, Leif Johansson Re: PKIs and trust, Keith Moore <= RE: PKIs and trust, Tony Hain Re: PKIs and trust, Neal McBurnett Message not available Re: PKIs and trust, Keith Moore Re: PKIs and trust, Masataka Ohta Re: PKIs and trust, Leif Johansson Re: PKIs and trust, Valdis . Kletnieks Re: PKIs and trust, Keith Moore Re: PKIs and trust, Stephen Kent Re: PKIs and trust, Masataka Ohta Re: PKIs and trust, Stephen Kent

Previous by Date:	Re: /48 micro allocations for v6 root servers, was: national security, Iljitsch van Beijnum
Next by Date:	Re: PKIs and trust, Masataka Ohta
Previous by Thread:	Re: PKIs and trust, Leif Johansson
Next by Thread:	RE: PKIs and trust, Tony Hain
Indexes:	[Date] [Thread] [Top] [All Lists]