Chains of trust vs. PKI


Resting our whole authentication framework on PKI isn't the right way
to go about things.  Read Ellison and Schneier, "Ten Risks of PKI":

http://www.schneier.com/paper-pki.html

I would much rather see an SPKI-like approach to naming, in which we
use local information to bind locally meaningful names to public
keys.  This is a far better fit to practical security problems.  At
the very least, if you can persuade yourself to think the SPKI way for
a moment it will give you an entirely different perspective on many
issues to do with naming.

See also Zooko's triangle:

http://zooko.com/distnames.html
-- 
  __  Paul Crowley
\/ o\ sig(_at_)paul(_dot_)ciphergoth(_dot_)org
/\__/ http://www.ciphergoth.org/

<Prev in Thread]	Current Thread	[Next in Thread>
Re: a few short notes, (continued) Re: a few short notes, Chuq Von Rospach Message not available Re: a few short notes, Chuq Von Rospach Anonymity, Jacob Palme Re: a few short notes, Martin Duerst Re: a few short notes, James Craig Burley Re: a few short notes, Jari Arkko Re: a few short notes, Eric A. Hall Re: a few short notes, Paul Smith Re: a few short notes, Chuq Von Rospach Re: a few short notes, Paul Smith Chains of trust vs. PKI, Paul Crowley <= Re: a few short notes, Eric A. Hall Re: a few short notes, Iljitsch van Beijnum Re: a few short notes, Paul Smith Re: a few short notes, Martin Duerst

Previous by Date:	Re: a few short notes, Paul Smith
Next by Date:	Re: a few short notes, Eric A. Hall
Previous by Thread:	Re: a few short notes, Paul Smith
Next by Thread:	Re: a few short notes, Eric A. Hall
Indexes:	[Date] [Thread] [Top] [All Lists]