Re: Is symmetric key distribution equivalent to symmetric key generation?

From: Anne & Lynn Wheeler (lynn_at_garlic.com)
Date: 08/25/05


Date: Thu, 25 Aug 2005 11:44:51 -0600


re previous post:
http://www.garlic.com/~lynn/2005o.html#31 Is symmetric key distribution equivalent to symmetric key generation?

the issue in PKI, certification authorities, and digital signatures
doesn't actually eliminate

1) the recipient having their own trusted public key repository that
has public keys registered and loaded by some out-of-band trust
process

and/or

2) the sender needing to go thru some vetting process in the
registration of the sender's public key

it is just that the processes have been moved around and re-arranged.

the issue is to address the scenario where the recipient has no prior
dealings with the sender, has no local repository about the sender
and/or has no online mechanism to contact about information on the
sender.

the digital certificate is a stale, r/o representation of a process
that was performed at some time in the past ... and the receiver has
no other means possible for accessing the results of that process.

the digital certificate becomes redundant and superfluous when

1) the receiver is also the party responsible for the registration and
validation of the sender's information ... or

2) the receiver has a local repository representing the registration
and validation of the sender's information ... or

3) the receiver has direct online access to some other trusted entity
responsible for registration and validation of the sender's
information.

-- 
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
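
An added example, not part of the original post: a relying party that holds only a CA key and must trust what a certificate froze at registration time, beside one that consults its own key repository and never looks at a certificate. It goes one step beyond the post by having the sender replace their key after the certificate was issued. The toy RSA keys, party names, and message are constructed assumptions and are not secure.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def keygen(a, b):
    """Toy RSA key from two Mersenne-prime exponents; NOT secure, illustration only."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, key):
    return pow(digest(data, key["n"]), key["d"], key["n"])

def verify(data, sig, n):
    return pow(sig, E, n) == digest(data, n)

# Constructed parties: a CA, and a sender who registered one key, then replaced it.
CA = keygen(127, 521)
OLD = keygen(61, 89)
NEW = keygen(31, 107)

def issue_cert(subject, subject_n, ca):
    """CA binds a subject name to a public modulus at registration time."""
    body = f"{subject}:{subject_n}".encode()
    return {"subject": subject, "n": subject_n, "sig": sign(body, ca)}

CERT = issue_cert("sender-1", OLD["n"], CA)  # frozen record of the past registration

def accept_offline(msg, sig, cert, ca_n):
    """Receiver with only the CA public key: relies on what the certificate recorded."""
    body = f"{cert['subject']}:{cert['n']}".encode()
    return verify(body, cert["sig"], ca_n) and verify(msg, sig, cert["n"])

def accept_with_repository(msg, sig, sender, repo):
    """Receiver with its own registry: looks the key up; no certificate is consulted."""
    n = repo.get(sender)
    return n is not None and verify(msg, sig, n)

REPO = {"sender-1": NEW["n"]}  # current registration, after the key was replaced
MSG = b"pay 100 to account 42"  # constructed sample message

if __name__ == "__main__":
    print("offline, old key:   ", accept_offline(MSG, sign(MSG, OLD), CERT, CA["n"]))
    print("repository, old key:", accept_with_repository(MSG, sign(MSG, OLD), "sender-1", REPO))
    print("repository, new key:", accept_with_repository(MSG, sign(MSG, NEW), "sender-1", REPO))
```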

