List: ietf-saag
Subject: Re: [saag] [pkix] fyi: CA/Browser Forum (CABF) reform deliberations + Revocation and TLS/SSL Replace
From: Phillip Hallam-Baker <hallam () gmail ! com>
Date: 2012-05-17 6:38:32
Message-ID: CAMm+Lwhd7mB4W42YS3GUQprRxZScpiXntG0RJn_anvx3+hQ39Q () mail ! gmail ! com
SK is a TTP system as the notaries are still trusted to provide
availability even if the other aspects of operation are
cryptographically constrained against default.

A group of notaries could collude to establish a cartel and extract
functional pricing for their services if there was a sufficiently
large number of relying parties.

Alternatively they can simply publish a key for party X and then
ransom it to the legitimate owner of the domain.

SK is a silly, silly scheme that should be laughed off the stage. It
punts on all the hard problems of PKI by asserting an administrative
model that is ludicrous. 'google.com' must be worth a couple of
billion dollars at least. I cannot see anyone with a valuable domain
name risking it to a scheme that has revocation mechanism in case of
administrative error.

'Don't make mistakes' is not a viable administrative approach.

On Wed, Mar 28, 2012 at 6:10 PM, Ben Laurie <ben@links.org> wrote:
>
>
> On Wed, Mar 28, 2012 at 8:02 AM, =JeffH <Jeff.Hodges@kingsmountain.com>
> wrote:
>>
>> The CA/Browser Forum (CABF) was mentioned a few times during this very
>> interesting presentation in the PKIX session at IETF-83 Paris yesterday...
>>
>> Trust-Related Activities:
>> Internet Certification Authorities
>> Revocation and SSL Replacements/Enhancements
>> https://www.ietf.org/proceedings/83/slides/slides-83-pkix-10.pdf
>
>
> Hmmm...
>
> a) Doesn't mention Certificate Transparency.
>
> b) Thinks Sovereign Keys (and presumably, had they mentioned it, CT) is a
> TTP, which is incorrect.
--
Website: http://hallambaker.com/
_______________________________________________
saag mailing list
saag@ietf.org
https://www.ietf.org/mailman/listinfo/saag