pem-dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: PEM concept and usage

1994-03-31 12:29:00
from [jueneman%wotan] [Permanent Link] 
Ted,


Meanwhile, we haven't even been able to get our act together to generate
a PEM root key; my understanding is that this at least partially related
to the liability involved in running a root which *everyone* has to
trust, although there may be other show stoppers as well.


That is an issue I can be very sympathetic to. I sure as hell wouldn't
undertake such a liability, especially for free!

Maybe we ought to confront this issue head-on as well. I see two ways 
around this problem:

1. Get one or more sovereign governments to undertake the responsibility, since
the circumstances under which governments can be sued are quite limited.
Unfortunately, the issue of which government would be sufficiently 
trusted would arise, and the very fact that they probably can't be sued
might encourage a certain sloppiness. I can just see the security of the
entire PKC infrastructure depending on some bored GS-6 clerk. Maybe multiple
governments could sign the PCA keys. Maybe the charter of the United Nations
should be amended to add this additional function. Maybe Dante's Inferno will
freeze over first.

2. Abandon the notion of using the IPRA to sign all of the certificates
of all of the PCAs, and use a direct trust model to install self-signed PCA 
certificate(s) in the user's software. That is what will have to be done with
the IPRA certificate in any case.

This would clearly be a better approach. Particularly for the higher assurance
hierarchies, contracts will exist between the PCA and the various CAs, 
providing 
a trustworthy, out of band means of distributing the certificate. In addition, 
the
PCAs could publish their own keys on bulletin boards, and occasionally print 
notices in the major newspapers and perhaps the Federal Register as to what 
their public keys are.

This doesn't mean that the IPRA would suddenly be without any function.
The problem of coordinating residential users across different PCAs is still 
there, and perhaps there is merit in having the IPRA make CRLs from
different PCAs more readily available. The IPRA could and should do some of
the publicity functions also, particularly in publishing a FAQ, lists of PCAs 
and
their policies, maybe running a WWW server and a freeware repository.

But these problems don't involve trust, and should be much less controversial.

I'd be interested in your comments on my recent reply to Rhys Weatherley 
the publicity problem. How should we be getting the word out to people?

Bob
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: E-mail address mappings, Mk 2, jueneman%wotan
Previous by Thread:  Re: PEM concept and usage, Theodore Ts'o
Next by Thread:  please, add me to he list. thanks., Joerg Reichelt
Indexes:  [Date] [Thread] [Top] [All Lists]