[cryptography] Math corrections
iang at iang.org
Thu Sep 22 06:31:56 EDT 2011
It occurs to me that we're almost there.
On 22/09/11 02:30 AM, Arshad Noor wrote:
> Thirdly, let's assume that the compromised CA has *explicitly* entered
> into a cross-certification agreement with one or more other TTP CAs.
Right, they got themselves listed by the browsers, who hid the CAs under
dialog-camo. This is Peter's universal implicit cross-certification.
That fact. Plus this result:
> Are there problems with PKI? I have already said, undoubtedly. But,
> these are "certificate manufacturing and distribution" problems that
> must be addressed. They are not a fundamental weakness of PKI itself.
And we're there. Causality. To address the certificate manufacturing
and distribution problem (aka the race to the bottom) then you need to
address the universal implicit cross-certification.
> P.S. The use of the term "universal implicit cross-certification"
> only serves to add confusion to an already complex field; you are the
> only one that uses it (3 of the top 5 responses in a Google search
> of this term are from this thread; the remaining two come from your
> paper and presentation at IDTrust from some years ago). It took me
> a while to realize that it's just your term for "independent trust-chains"
> in the browser. It might help the PKI community if we called
> a spade a spade. Thank you.
Probably what is confusing to the PKI community is that you've stepped
outside your theoretical models into the world of business. In
business, if we certify and hide, then we start a race to the bottom.
This is why branding is so important in business; because it gives the
company a reason to establish a quality. In the CA world, the decision
of the vendors to unbrand the CAs caused them to not need a quality
approach, just a compliance approach.
It's not personal :) It's just business.
You see the same effect of compliance in other industries, the famous
example we talk about is Sarbanes-Oxley and securitization and the race
to global bankruptcy :)