todd glassey wrote:
So, you merely believe that the infrastructure of PKI is well
managed.
How the PKI process is managed is not generally part of the PKI Model
itself and that is what most ISP's and Network Geeks totally miss...
sorta like you did.
So are ISPs and telcos.
Secure operations of CAs, ISPs, telcos and banks are required by law,
which does not assure they observe legal rules.
You can believe that the infrastructure of the Internet is well
managed, eaqually easilly.
Actually it is... considering how many people use it for business and
personal use on a continuous basis.. Its one of the mostr reliable
things on this planet today.
So are telephone, financial and most other networks without PKI,
though they are considered weakly secure, which is why strong
security is required by some RFCs.
Even if you change the definition and call them strongly secure,
it does not affect the fact that PKI does NOT make them strongly
secure.
a few hours as I recal
In general, CRL issue interval is a lot longer than a few hours,
I'm afraid, which is a cryptographical weakness of PKI compared
to shared key infrastructures with KDCs. In that sense, PKI is
less secure than the Internet.
and no one really got dinged so I would say it wasnt the PKI that
failed but the Human Operations Processes on top of that...
Human operation is not on top of but within PKI, which is why PKI
is merely weakly secure.
Masataka Ohta
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf