ciphergoth: (Default)
[personal profile] ciphergoth
In response to http://www2.cio.com/research/security/edit/a05232002.html
From: Carl Ellison <cme@acm.org>
Subject: Re: PKI: Only Mostly Dead

Scott,

as far as I'm concerned PKI is not only dying, it deserves to die
much more quickly. That's because when it works, it still doesn't
work.

See the two papers to which I contributed at last month's PKI
Research Workshop http://www.cs.dartmouth.edu/~pki02/

Look especially at what we call the John Wilson problem. In a
nutshell, if you bind a name to a key, even if you do that always
accurately and even if your certificates interoperate with my
software, you have done nothing for me if there are more than about
1000 certified people in the world. That's because there are too
many John Wilsons. I can't tell them apart by name, when you lump
them all together into one big pool (the pool of all people the CA
certifies -- e.g., a big one like VeriSign -- or a little one like
Intel Corporation with only 70,000 and 8 John Wilsons). If I can't
tell them apart (and people can't -- for which we have definite
proof), then I am forced to make a guess as to which one is the right
one -- if the right one is represented at all -- and when I'm handed
a certificate saying that this S/MIME message or HTTPS page came from
John Wilson, I'm not given the list of all John Wilsons, so I don't
even get to compare them to see which one looks like the closest
match.

PKI deserves to die not because of vendor greed, although there is
plenty of that, but because the original idea was wrong. When you
bind a person's name to a public key you have not identified the key
in a way that is useful to me. That's because if I know the name of
the keyholder, I still don't know who the keyholder is.

- Carl

P.S. I strongly recommend your reading those papers in the preprints
available at the PKI Workshop web site.
+------------------------------------------------------------------+
|Carl M. Ellison         cme@acm.org     http://world.std.com/~cme |
|    PGP: 08FF BA05 599B 49D2  23C6 6FFD 36BA D342                 |
+--Officer, officer, arrest that man. He's whistling a dirty song.-+

Re: "PKI needs more than a name"

Date: 2002-06-11 06:14 am (UTC)
From: [identity profile] ukfetish.livejournal.com
I think it might help here to expand 2^80 so that people can see how it relates to the number of people who might be creating these fingerprints. If 2^80 is significantly bigger than the total pool of fingerprint makers then using 'negligible chance of failure' and 'flawless' in the same context would make sense to me. If 2^80 is within an order of magnitude of the number of possible fingerprint makers, then it's not what I'd call a safe risk to take...

Does that make sense? I'm speaking from a position of complete ignorance (but considerable interest) here :)

Okay, I just worked out what 2^80 is :) I'd say 1,208,925,819,614,629,174,706,176 is a fair bit larger than the total pool of email users for the foreseeable future. I'm with the 'negligible chance' vote here *laugh*

Regards,
Denny

Re: "PKI needs more than a name"

Date: 2002-06-11 06:21 am (UTC)
From: [personal profile] djm4
Thank you, I do know how small a number the reciprocal of 2^80 is. I'm still stumped as to why I should accept even this probability when I can reduce it to a theoretical probability of zero with very little effort.

Re: "PKI needs more than a name"

Date: 2002-06-11 06:36 am (UTC)
From: [identity profile] ukfetish.livejournal.com
> Thank you, I do know how small a number the reciprocal of 2^80 is.

Good for you - I didn't.

Therefore I worked it out and posted it for the benefit of any slow types like myself who are very interested and trying hard to follow the conversation. I find it easier to gain an emotional appreciation of the expanded form of the number than I do to gain any feel for the exponent form (or whatever that notation is called).

I'm with you in that I don't understand what's wrong with using an email address as the unique identifier, but I guess I'll just keep reading the arguments until the light dawns on me (possibly).

Regards,
Denny

Re: "PKI needs more than a name"

Date: 2002-06-11 06:34 am (UTC)
From: [identity profile] ciphergoth.livejournal.com
It's better than that. If A is the number of identifiers in use, and B is the size of the identifier pool, the probability of collision is on the order of A^2/2B (where A and B are large, and A^2 << B). So if you assume that everyone on the planet (6E9) has a million public keys, then the probability of collision somewhere in that entire keyspace is under 1 in 40 million billion.
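
The estimate in the comment above, carried through as an added example (not code from the post or its commenters). The comment does not state B, so this sketch assumes 160-bit identifiers (B = 2^160) and shows 80- and 128-bit pools for contrast; the function names are illustrative.

```python
import math
import random

def estimate(a: int, bits: int) -> float:
    """The comment's estimate A^2 / 2B; only meaningful while A^2 << B."""
    return a * a / (2 * (1 << bits))

def collision_probability(a: int, bits: int) -> float:
    """P(at least one collision) among a uniform random bits-bit identifiers.

    Birthday approximation 1 - exp(-A(A-1)/2B); expm1 keeps tiny values
    from rounding to zero and the result saturates at 1.0 when A^2 >> B.
    """
    b = 1 << bits
    if a > b:
        return 1.0  # pigeonhole: more identifiers than pool entries
    return -math.expm1(-(a * (a - 1) / (2 * b)))

def max_identifiers(bits: int, risk: float) -> int:
    """Largest A for which the estimate A^2 / 2B stays at or below risk."""
    return math.isqrt(int(2 * (1 << bits) * risk))

def simulate(a: int, bits: int, trials: int = 5000, seed: int = 1) -> float:
    """Empirical collision rate at a small pool size, to check the formula."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        drawn = {rng.getrandbits(bits) for _ in range(a)}
        hits += len(drawn) < a
    return hits / trials

# The comment's scenario: 6E9 people with a million public keys each.
A = 6 * 10**9 * 10**6

if __name__ == "__main__":
    for bits in (80, 128, 160):  # 160 is the assumed pool; others for contrast
        print(f"{bits:3d}-bit pool: estimate {estimate(A, bits):.3e}, "
              f"probability {collision_probability(A, bits):.3e}, "
              f"ids at 1e-18 risk {max_identifiers(bits, 1e-18):.3e}")
    print("simulated 100 ids in 16 bits:", simulate(100, 16),
          "formula:", f"{collision_probability(100, 16):.4f}")
```

With the assumed 160-bit pool the estimate and the probability agree; with an 80-bit pool the A^2 << B condition no longer holds for this A, so the estimate exceeds 1 and the probability saturates.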

Profile

ciphergoth: (Default)
Paul Crowley
