PKI creed (was Re: Trustworthy contacts)

Dave Bird ukcrypto at maillist.ox.ac.uk
Thu, 14 Sep 2000 21:31:22 +0100


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <3.0.5.32.20000914063541.0082ec40@spiritone.com>, Carl
Ellison <cme@acm.org> writes
>This is a mistake Diffie and Hellman made in their original paper -- that 
>has been propagated down through the decades.  They said to build a 
>directory of names to keys, then you can look me up in the directory, get my 
>key and send me a message.  Fine theory.  How do you find me in the 
>directory?  You can't use a name.  There are too many Carl Ellison entries.

 Well, I have argued a model in which we deal with identity much as we
 do in the everyday world but then add public keys on top.  For example,
 to find out who the hell you were in practical terms, I would ask a
 couple of people I know at ACM.  I would expect your key to be signed
 by the ACM organisational key and, if I didn't have that, I'd ask 
 my friends to send me a signed copy of the ACM key or key fingerprint.


In article <3.0.5.32.20000914074024.009b02c0@spiritone.com>, Carl
Ellison <cme@acm.org> writes
>Yes, it's a good observation.  How do you send me e-mail?  Usually, it's by 
>reply to a message I sent.

 I get NEW email contacts usually by personal introduction for personal
 matters, and through the contact being offered by an organisation as 
 the person responsible in organisational matters.

 Actually it's quite instructive to ask where one gets telephone numbers
 from.  Most calls are responses to the same old people.  New ones are 
 often got via friends or at personal meetings. Organisational ones are
 provided by organisations. Rarely does one resort to public directories.

- -- 
   ^-^-^-@@-^-;-^   http://www.xemu.demon.co.uk/
        (..)__u     news:alt.smoking.mooses

       happy as a clam at high tide -. <_" .-._.-.


-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBOcE1mX8v/Y5zkfRPEQKp3wCfftfLCmy9+IsSqdnQGu7I3/tHDAoAoLfc
MnFFaAeeN+UsyiykknZDmFe5
=TatN
-----END PGP SIGNATURE-----