[LINK] RFC: Could CAs Be Eavesdropping on Their Clients?

Kim Holburn kim at holburn.net
Sun Aug 15 21:10:22 AEST 2010

On 2010/Aug/15, at 4:46 PM, Stephen Wilson wrote:
> Kim Holburn wrote:
>> Because our models of authentication don't scale (yet) - not to
>> internet levels.
> What would 'Internet scale' authentication look like?  What would it
> provide, and what would it be used for?

Off the top of my head:

It sounds like we're trying to map a mathematical encryption model  
onto a human trust system.  That mapping could only map to a very  
small part of a human trust system.

Internet scale: Hmmm.... security of transactions between users and  
websites on a world-wide basis?  International as opposed to in- 
country business.  We don't really have a normal way to trust  
businesses in other countries do we?  What if things go wrong?  But we  
are doing it all the time these days.

Perhaps the whole idea of a PKI as a solid thing that somehow mirrors  
what we have with paper and human communication is just not possible.   
Certainly not at an international level where we have no model  
anyway.  The internet is much more volatile and also wide ranging,  
both geographically and in terms of types of interactions compared  
with any normal human process.

If PK encryption can encrypt transactions perhaps that's all we can  
expect.  I don't think we can load it with other parts of human  
communication and trust.

Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408  M: +61 404072753
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request

More information about the Link mailing list