[cryptography] Tell Grandma to remember the Key ID and forget the phone number. [was: Re: Let's go back to the beginning on this]
jon at callas.org
Mon Sep 26 12:16:47 EDT 2011
> Drill Grandma on one thing:
> FORGET THE TELEPHONE NUMBER. REMEMBER THE KEY ID.
> If she's smart enough to know to write down or remember the telephone
> number, she's smart enough to re-channel that to the Key ID.
> Merchants and banks proudly and prominently display their Key IDs on
> their front pages and with all ads likely to catch Grandma's eye.
> The rest is done by a local or on-line cryptographically-secure
> directory indexed by Key ID.
> Now retire the CAs and forget about them.
That's a big if. It's an if that's so big that it's guaranteed to be false. Human beings don't do very well remembering such things. It's worse if you want to roll them over periodically.
Now what you're suggesting could work if you did something like made some directories that stored the key IDs and web sites they belonged to. This could be something that could easily be stored in Google, Yahoo!, or Bing, for example. This has a downside of a privacy leak every time someone wants to look one up.
If that privacy leak bothers you, or you want to offload the lookup requests from the search engine infrastructure, we could always store it on the web server itself. A digital signature would provide the proper integrity check.
And yes, with that system, we could retire the CAs.
More information about the cryptography