Re: New Method for Authenticated Public Key Exchange without Digital Certificates
From: Anne & Lynn Wheeler (lynn_at_garlic.com)
Date: 08/09/04
Date: Sun, 08 Aug 2004 17:36:20 -0600
Mok-Kong Shen <mok-kong.shen@t-online.de> writes:
> If I don't err, you failed to comment on my points that digital
> signatures (of a certain quality) are legal in Germany and that there
> are CAs doing business (and apparently not poorly). Another point is
> that digital signatures can have other uses, i.e. outside of
> e-commerce.

governments can pass any laws they want to ... and make anything
legal they want to ... just by passing a law.

that doesn't mean that the law that they pass conforms to any commonly
accepted business practice ... and/or will even stand up in court in
the event of litigation.

It is possible for laws to sanction business practices that previously
weren't sanctioned.

All of that is true. I have said a lot of things in support of digital
signatures.

What i've said is that when relying parties have access to the real
information in online operations ... then certificates are redundant
and superfluous.

The issue that i've constantly raised is that certificates were
specifically designed for the offline credential problem ... where the
certificates/credentials are better than nothing.

The issue is trying to apply offline credential based model to
environments that are rapidly becoming online authentication based
model. Typically there can be significantly greater risk mitigation
with the online authentication based model ... where every transaction
passes through the legal & financially responsible authoritative
agency.

The primary purpose for the offline credential based model is the
unavailability of online connectivity and/or the cost of doing every
operation online. The problem that the offline credential based model
infrastructure is facing is that 1) online connectivity is becoming
ubiquitous and 2) the cost of online operations is drastically falling.

The significant change in online availability and cost is greatly
diminishing the market niches that the offline credential based model
was designed to address.

Furthermore ... the inclusion of a certificate in an online
authentication based model operation can be trivially shown to be
redundant and superfluous.

-- Anne & Lynn Wheeler | http://www.garlic.com/~lynn/