
Re: DNSSEC is NOT secure end to end

2009-06-02 20:05:35
Paul Wouters wrote:

I can't preload 50 million keys. I cannot build trust relations
with 50 million domains. Just like we could not preload 50
million nameserver pointers.

That is the essential point of the paper of David Clark:

        These certificates are principal components of essentially
        all public key schemes, except those that are so small in
        scale that the users can communicate their public keys to
        each other one to one, in an ad hoc way that is mutually
        trustworthy.

A credit card brand (VISA, for example) may manage more than
50 million PINs. But it uses agents to do so. The security
of the system depends not only on (cryptographic) security between
the brand holder and the agents but also on the social security of the agents.

Though a 4-digit PIN or the 16-bit message ID of DNS is cryptographically
not very secure, that is a cryptographic issue of each hop, having
nothing to do with the social security between hops, the introduction of
which is inevitable for large infrastructures.

                                                Masataka Ohta

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf