Re: New Method for Authenticated Public Key Exchange without Digital Certificates

From: Mok-Kong Shen (mok-kong.shen_at_t-online.de)
Date: 08/08/04 

Date: Sun, 08 Aug 2004 01:45:29 +0200

Mok-Kong Shen wrote:

> Anne & Lynn Wheeler wrote:
>
>> ... on the off-hand chance that somewhere along the way you have
>> decided to talk about something else than Digital Certificates used in
>> the traditional CA/PKI context .... possibly we can go back and start
>> again with reference definitions .... these are from my merged
>> security taxonomy and glossary which can be found at:
>> http://www.garlic.com/~lynn/index.html#glosnote
>
> [snip]
>
> As said previously, you (thanfully but unnecessarily) gives
> too much infomrtions for my question(s). To repeat, what I
> claimed is that there must be some institution (no matter what
> its name actually is) that enjoys the trust of common people
> (hence in this sense 'autoritative') and testifies the
> correctness of certain essential information which assures
> (directly or indirectly) the security of the user transactions
> involved. That 'testifying' from it may not necessarily be
> directed to the end user, I suppose. But anyway, some
> 'certificates' (in some form) are issued by that 'authority'
> such that the whole system functions in practice. In this sense
> one needs some 'certifying authority' (whatever it is called
> actually).

Sorry for some (obvious) typos above.

Addendum: I guess that the said certifying stuff from the
said institution, even in case it is not directly seen by
the end users, is in most cases likely to be in the form of
a digital signature as commonly understood in the literature.

M. K. Shen

Quantcast