Is secure communications required?

Bob J> But if the security of the system depends in any way of the
certificate distribution mechanism, whether X.500 or something else,
then we have failed completely.  We _certainly_ should not be depending
on a secure protocol.

Rhys> While you are right that the security of certificates should not
depend on the security of the protocol, there are other issues.

This is the part of the PEM discussion where I always get lost.  I
realize that the certificates can be passed from hand-to-hand or any
other way that works, BUT, since non-repudiation is not possible unless
we are assured that no CRL is out-standing, secure communications to
assertain that fact is required.  Bob's conclusion would apply then, no?

Peace ..Tom

<Prev in Thread]	Current Thread	[Next in Thread>
Is secure communications required?, TCJones <= Re: Is secure communications required?, Mr Rhys Weatherley Using X.500 lookup protocols for PEM, Mr Rhys Weatherley Re: Is secure communications required?, Donald E. Eastlake 3rd (Beast) Is secure communications required?, TCJones Re: Is secure communications required?, Donald E. Eastlake 3rd (Beast)

Previous by Date:	Re: DNs, boomerangs, and other Revealed Truths, Mr Rhys Weatherley
Next by Date:	Re: Is secure communications required?, Mr Rhys Weatherley
Previous by Thread:	Re: DNs, boomerangs, and other Revealed Truths, Jueneman
Next by Thread:	Re: Is secure communications required?, Mr Rhys Weatherley
Indexes:	[Date] [Thread] [Top] [All Lists]