-- Peter Gutmann
> Long before the discussion on this list, there were
> already missionaries coming to the ietf-tls list to
> enlighten the heathens who dared to mention PSK and
> remind them of their duty to support PKI in all its
> infinite perfection, and not to take any false gods
> before it.

For PKI to have all these wonderful benefits, everyone needs his own certificate. But the masses have not come to the party, in part because of the rather Orwellian requirements. Obviously I cannot get a certificate testifying that I am the one true James Donald, because I probably am not. So I have to get a certificate saying I am the one true James Donald SS xxx-xx-xxxx - the number of the beast.

Capitalism 101: The customer is always right. The customer wants to use passwords. The customer has decided. So shall it be. So we are going to base identity and security on passwords.

If we are going to supplement the user's password with a nicely random number stored in his computer, we should put the random number in his bookmark, so that the user conceives of it as his secret web page, rather than his certificate.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
hrytA7Ym/9GHqXZ4CwiYi3aZrSwObH1bY7OKGXtY
4LcDIdLEhX7k8XcxPbgYmyqtGvkldcTESn1xhERwk

---------------------------------------------------------------------
The Cryptography Mailing List