spf-discuss

Re: provocative article at BusinessWeek about Yahoo DomainKeys, etc

2004-01-14 20:52:01
On Wed, 14 Jan 2004, Meng Weng Wong wrote:

The biggest concern for most users is a future where

 - the DomainKey has to be rooted in a certificate chain owned by a
   select group of registrars

I really would like to see a "web of trust" like is used
for pgp, but for PKI keys that are used to automatically
negotiate encryption and/or authentication.

This would include IPSEC, SSL and hopefully the domain
keys mentioned above.

Having such a web of trust, we can:
- avoid the high cost of SSL certs from a commercial root
- do other nice things, like ipsec between dynamic IP
  addresses

Of course, we will need to come up with a way to securely
store the addresses and make sure the right user is still
using it.  This probably isn't as hard as it seems ...

If there is a web of trust, the user can have his personal
key (signed by others) on a floppy or usb keyfob and protected
with a password.  That personal key can be used to sign a key
that is not password protected, used for automatic negotiation
of encryption and valid for a limited time (say, a month).

That way the web of trust isn't broken when a break-in happens.

kind regards,

Rik
-- 
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
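
The two-key arrangement described in the message above, as an added example that is not part of the original post: a long-term personal key signs a short-lived key with an expiry, and a verifier accepts only an unexpired delegation. The choice of Ed25519, the Delegation type and all function names are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"time"
)

// Delegation binds a short-lived, unprotected key to the long-term personal key.
type Delegation struct {
	SubKey   ed25519.PublicKey // key left on the host for automatic negotiation
	NotAfter time.Time         // end of validity (the post suggests about a month)
	Sig      []byte            // personal-key signature over NotAfter and SubKey
}

// signedBytes is the exact byte string the personal key signs (fixed-width time, then key).
func signedBytes(sub ed25519.PublicKey, notAfter time.Time) []byte {
	return append([]byte(notAfter.UTC().Format(time.RFC3339)), sub...)
}

// Delegate runs only where the password-protected personal key is unlocked.
func Delegate(personal ed25519.PrivateKey, sub ed25519.PublicKey, ttl time.Duration, now time.Time) Delegation {
	exp := now.Add(ttl)
	return Delegation{SubKey: sub, NotAfter: exp, Sig: ed25519.Sign(personal, signedBytes(sub, exp))}
}

// Verify accepts msg only if an unexpired, correctly signed delegation covers the signing key.
func Verify(trusted ed25519.PublicKey, d Delegation, msg, msgSig []byte, now time.Time) error {
	if len(d.SubKey) != ed25519.PublicKeySize || !ed25519.Verify(trusted, signedBytes(d.SubKey, d.NotAfter), d.Sig) {
		return errors.New("delegation not signed by the trusted personal key")
	}
	if now.After(d.NotAfter) {
		return errors.New("delegation expired")
	}
	if !ed25519.Verify(d.SubKey, msg, msgSig) {
		return errors.New("message not signed by the delegated key")
	}
	return nil
}

func main() {
	now := time.Unix(1074110000, 0) // constructed timestamp
	pub, priv, _ := ed25519.GenerateKey(nil)
	subPub, subPriv, _ := ed25519.GenerateKey(nil)
	d := Delegate(priv, subPub, 30*24*time.Hour, now)
	msg := []byte("constructed handshake transcript")
	sig := ed25519.Sign(subPriv, msg)
	fmt.Println(Verify(pub, d, msg, sig, now), Verify(pub, d, msg, sig, now.Add(31*24*time.Hour)))
}
```

A short-lived key copied in a break-in stops verifying once NotAfter passes, and the expiry cannot be extended without the personal key because it is covered by the delegation signature.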