[LINK] RFC: Could CAs Be Eavesdropping on Their Clients?
kim at holburn.net
Sun Aug 15 21:10:22 AEST 2010
On 2010/Aug/15, at 4:46 PM, Stephen Wilson wrote:
> Kim Holburn wrote:
>> Because our models of authentication don't scale (yet) - not to
>> internet levels.
> What would 'Internet scale' authentication look like? What would it
> provide, and what would it be used for?
Off the top of my head:
It sounds like we're trying to map a mathematical encryption model
onto a human trust system. That mapping could only map to a very
small part of a human trust system.
Internet scale: Hmmm.... security of transactions between users and
websites on a world-wide basis? International as opposed to in-
country business. We don't really have a normal way to trust
businesses in other countries do we? What if things go wrong? But we
are doing it all the time these days.
Perhaps the whole idea of a PKI as a solid thing that somehow mirrors
what we have with paper and human communication is just not possible.
Certainly not at an international level where we have no model
anyway. The internet is much more volatile and also wide ranging,
both geographically and in terms of types of interactions compared
with any normal human process.
If PK encryption can encrypt transactions perhaps that's all we can
expect. I don't think we can load it with other parts of human
communication and trust.
IT Network & Security Consultant
T: +61 2 61402408 M: +61 404072753
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request
More information about the Link