
Re: PKI is weakly secure (was Re: Updating the rules?)

2007-07-09 08:32:36
At 6:36 PM +0900 7/7/07, Masataka Ohta wrote:
Keith Moore wrote:

Also from the draft:
"At least for the strong security requirement of BCP 61 [RFC3365], the
Security Area, with the support of the IESG, has insisted that all
specifications include at least one mandatory-to-implement strong
security mechanism to guarantee universal interoperability."

I do not think this is a factual statement, at least when it comes to
HTTP, which is where my interest lies.

 note that it is not necessary to have at least one
 mandatory-to-implement strong security mechanism to guarantee

What, do you mean, strong security?

Given that CAs of PKI can be compromised as easily as ISPs
of the Internet, PKI is merely weakly secure as weakly as
the plain Internet.

                                                Masataka Ohta

The notions of CA compromise and ISP compromise are not completely comparable, which makes your comparison suspect.

Also, the security implications of errors (or sloppiness) by ISPs are very different from those of CAs, so I don't think your comparison makes sense in that regard as well.

Steve

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
