[cryptography] Math corrections

ianG iang at iang.org
Thu Sep 22 06:31:56 EDT 2011

Hi Arshad,

It occurs to me that we're almost there.

On 22/09/11 02:30 AM, Arshad Noor wrote:
> Thirdly, lets assume that the compromised CA has *explicitly* entered
> into a cross-certification agreement with one or more other TTP CAs.

Right, they got themselves listed by the browsers, who hid the CAs under 
dialog-camo. This is Peter's universal implicit cross-certification.

That fact.  Plus this result:
> Are there problems with PKI?  I have already said, undoubtedly.  But,
> these are "certificate manufacturing and distribution" problems that
> must be addressed.  They are not a fundamental weakness of PKI itself.

And we're there.  Causality.  To address the certificate manufacturing 
and distribution problem (aka the race to the bottom) then you need to 
address the universal implicit cross-certification.

> P.S.  The use of the term "universal implicit cross-certification"
> only serves to add confusion to an already complex field; you are the
> only one that uses it (3 of the top 5 responses in a Google search
> of this term are from this thread; the remaining two come from your
> paper and presentation at IDTrust from some years ago).  It took me
> a while to realize that its just your term for "independent trust-
> chains" in the browser.  It might help the PKI community if we called
> a spade a spade.  Thank you.

Probably what is confusing to the PKI community is that you've stepped 
outside your theoretical models into the world of business.  In 
business, if we certify and hide, then we start a race to the bottom.

This is why branding is so important in business;  because it gives the 
company a reason to establish a quality.  In the CA world, the decision 
of the vendors to unbrand the CAs caused them to not need a quality 
approach, just a compliance approach.

It's not personal :) It's just business.

You see the same effect of compliance in other industries, the famous 
example we talk about is Sarbanes-Oxley and securitization and the race 
to global bankruptcy  :)


More information about the cryptography mailing list