PKI creed (was Re: Trustworthy contacts)

[Ben Laurie]

Carl Ellison wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> At 02:17 PM 9/14/00 +0100, David Howe wrote:
> >Owen Lewis <oml@eloka.demon.co.uk> wrote:
> >> Interesting. Certainly one is never in a hierarchical relationship with
> >> customers. Yet PKI offers little of especial for some such relationships.
> >It solves the hard Key Distribution problem - if you wish to communicate
> >securely with a customer, having to courier keymat (at your expense) to that
> >customer before you can set up the link is prohibitively expensive;
> >exchanging (or better yet, negotiating) a key using PK is cheap and
> >effective.
> 
> PKI does not solve the Key Distribution problem, no matter how strongly and
> attractively Diffie and Hellman said it does.
> 
> PKI binds a key to a name, assuming the CA is trustworthy and that you have
> already solved the Key Distribution problem for the CA key itself.
> 
> However, what Diffie and Hellman missed is that you are now left with a Name
> Distribution problem -- exactly as difficult as the original Key
> Distribution problem -- with the CA Key Distribution problem on top of that
> and the CA trust problem on top of both of those.
> 
> This is a mistake Diffie and Hellman made in their original paper -- that
> has been propagated down through the decades.  They said to build a
> directory of names to keys, then you can look me up in the directory, get my
> key and send me a message.  Fine theory.  How do you find me in the
> directory?  You can't use a name.  There are too many Carl Ellison entries.

Hmmph. Old argument, and not a hugely good one in this context. I may
not be able to find Carl Ellison, but I can certainly find A.L. Digital
Ltd.: there is, and can only be, one.

So, I'm totally with you in the general case, but the argument doesn't
work so well with e-commerce server certificates.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

Coming to ApacheCon Europe 2000? http://apachecon.com/