[cryptography] [SSL Observatory] After the dust settles -- what happens next? (v. Long)

Joe St Sauver joe at oregon.uoregon.edu
Mon Sep 12 16:58:01 EDT 2011


Peter Gutmann <pgut001 at cs.auckland.ac.nz> commented:

#[0] I'm being conservative here, in practice I don't recall seeing anyone
#    expressing faith in PKI, but I didn't read every one of the vast numbers
#    of comments.

Well, I'd suggest that NIST 800-63 
(http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf)
provides at least an organizational endorsement of PKI since I don't
see how you'd pragmatically get to LOA 4 (section 8.2.4 on PDF page 47)
*without* using PKI.

Are there other alternatives that people have deployed to get to LOA 4?

Regards,

Joe



More information about the cryptography mailing list