PKI creed (was Re: Trustworthy contacts)
Brian Gladman
ukcrypto at maillist.ox.ac.uk
Thu, 14 Sep 2000 17:58:04 +0100
----- Original Message -----
From: "Carl Ellison" <cme@acm.org>
To: <ukcrypto@maillist.ox.ac.uk>
Sent: Thursday, September 14, 2000 2:35 PM
Subject: PKI creed (was Re: Trustworthy contacts)
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> At 02:17 PM 9/14/00 +0100, David Howe wrote:
> >Owen Lewis <oml@eloka.demon.co.uk> wrote:
> >> Interesting. Certainly one is never in a hierarchical relationship with
> >> customers. Yet PKI offers little of especial for some such relationships.
> >It solves the hard Key Distribution problem - if you wish to communicate
> >securely with a customer, having to courier keymat (at your expense) to that
> >customer before you can set up the link is prohibitively expensive;
> >exchanging (or better yet, negotiating) a key using PK is cheap and
> >effective.
>
>
> PKI does not solve the Key Distribution problem, no matter how strongly and
> attractively Diffie and Hellman said it does.
PKC does, however, change the nature of the key distribution problem and
does reduce the difficulties involved in some of its aspects (when used
appropriately).
As you say, it certainly introduces the naming problem and here it is
somewhat ironic that we should now be discussing hierarchy since the lack of
effective mechanisms for handling real world naming issues is partly the
result of standards designed to cope only with a world in which names are
unique because they can always be identified by a unique path in a
hierarchical directory structure. At the time it might have been hard to do
anything different but now that we know better it seems even harder to
change the direction in which this particular juggernaut is travelling.
Despite SDSI and approaches that build on relationships between local
namespaces - which offer a closer match to the real world - most systems
designers still seem to be locked into a hierarchical world, being content to
leave end users to fall into the nasty traps that this can spring on them.
:-(
Brian