PKI creed (was Re: Trustworthy contacts)
Carl Ellison
ukcrypto at maillist.ox.ac.uk
14 Sep 2000 06:35:41 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 02:17 PM 9/14/00 +0100, David Howe wrote:
>Owen Lewis <oml@eloka.demon.co.uk> wrote:
>> Interesting. Certainly one is never in a hierarchical relationship with
>> customers. Yet PKI offers little of especial for some such relationships.
>It solves the hard Key Distribution problem - if you wish to communicate
>securely with a customer, having to courier keymat (at your expense) to that
>customer before you can set up the link is prohibitively expensive;
>exchanging (or better yet, negotiating) a key using PK is cheap and
>effective.
PKI does not solve the Key Distribution problem, no matter how strongly and
attractively Diffie and Hellman said it does.
PKI binds a key to a name, assuming the CA is trustworthy and that you have
already solved the Key Distribution problem for the CA key itself.
However, what Diffie and Hellman missed is that you are now left with a Name
Distribution problem -- exactly as difficult as the original Key
Distribution problem -- with the CA Key Distribution problem on top of that
and the CA trust problem on top of both of those.
This is a mistake Diffie and Hellman made in their original paper -- that
has been propagated down through the decades. They said to build a
directory of names to keys, then you can look me up in the directory, get my
key and send me a message. Fine theory. How do you find me in the
directory? You can't use a name. There are too many Carl Ellison entries.
- Carl
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.2
iQA/AwUBOcDULHPxfjyW5ytxEQKb5gCeMASYGrSnckyX7GsOc/gsi3UN6hMAoMQ3
DU3IbOoC9g0gJjMv5yi5JDSF
=tzSU
-----END PGP SIGNATURE-----
+------------------------------------------------------------------+
|Carl M. Ellison cme@acm.org http://world.std.com/~cme |
| PGP: 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 |
+--Officer, officer, arrest that man. He's whistling a dirty song.-+