Hallam-Baker, Phillip wrote:
Security is a property of systems and not of technologies.
Yes, of course. Though some often claims PKI were cryptographically
secure, it does not mean PKI is strongly secure. Cookies, too, are
cryptographically secure.
In particular security is risk management and not the elimination
of all risk.
So, I, quite constructively, showed how to archieve strong security
by securely sharing security information directly between the first
and the second party. It eliminates intermediate intelligent entities
and gives the ultimate (fate sharing) security archived by the end
to end principle.
On the other hand, you and others merely stating possibility that
some PKI could be made fairly secure if all the operational rules
could be observed by all the operators.
PKI provides opportunities for technical risk mitigation which are
not available in normal circumstances.
That's a totally unfounded statement and is not constructive.
For example the root keys associated with high security embedded
Security is a property of systems and not of parts of systems.
Backbone routers can be protected equally securely.
Such operational controls are not likely to be acceptable to network
administrators at your average ISP.
Nor to PKI administrators near leaf where keys must be accessed
often to generate CAs.
Masataka Ohta
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf