Eliot Lear wrote:
What I was referring to was
Ohta-san's implication that PKI is fundamentally flawed. Perhaps it is,
Perhaps.
Though my statement so far is PKI is not strongly secure, it implies
that you can choose from equally secure design alternatives.
See below.
but I don't see anything better for key distribution to millions of
people. If you, he, or anyone else comes up with something better, I'm
all ears.
Though I'm not so sure about your requirement, if you need fairly
secure key distribution mechanism over the Internet, KDC, not CA,
based schems such as Kerberos, is better than PKI.
Though KDCs require real time communication, it's free over the
Internet.
Moreover, because key distribution is in real time, key invalidation
is instantaneous without complex mechanisms such as CRLs. That is, you
can shutdown spam site instantaneously.
Or, as you are trying to create a new key distribution network from
the beginning, it should be easier to create a new mail distribution
network from the beginning where mails are allowed only between
pre-recognized bodies.
A very good property of this approach is that we don't need any
cryptography nor new protocol. Just have a list of IP addresses of
thousands or tens of thousands of root mail servers and set up our
mail software to accept mails only from them or our own proxy and
send mails only to them through proxies registered to a root mail
server or two or three...
Setting up a new mail network is hard but, IMHO, much easier than
setting up a new PKI.
Though neither of the above protect us spams from cracked accounts,
we are not annoyed by delays with CRLs.
Of course, CAs, ISPs, KDCs and root mail servers are not very
trustworthy but they should increase the cost of spammers.
Masataka Ohta
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf