[cryptography] Client TLS Certificates - why not?

James A. Donald jamesd at echeque.com
Tue Mar 5 14:38:26 EST 2013


On 2013-03-06 1:18 AM, Jeffrey Walton wrote:
> That's Patient 0. It's the key distribution problem. It's the cause of
> all the troubles.
>
> Web of Trust, Hierarchy of Trust, DNSSEC/DANE, Sovereign Keys,
> Convergence, {Certificate|Public Key} Pinning, Key Continuity, etc. are
> all band-aids for the first patient.

Wrong phrase.  You seldom want to distribute keys.  You want to 
distribute information about public keys.

Key distribution and key management should follow existing practice with 
managing non-memorable email addresses, URLs and GUIDs, which 
approximates Zooko's triangle.


