Anne & Lynn Wheeler wrote:
i've periodically written on security proportional to risk ... small sample
http://www.garlic.com/~lynn/2001h.html#61
...
introductioin of PKI and certificates in such an environment may
actually create greater vulnerabilities ... since it may convince the
recipient to trust the PKI operation more than they trust their own,
direct knowledge ... and the PKI operation opens up more avenues of
compromise for the attackers.
Regarding PKI, the X.509 idea is not just to automate the process of reliance
but to do so without introducing vulnerabilities in the threat model considered
in the CPS.
What's a bit of a struggle, still, is that many people do not fully realize
that the CPS is outside the scope of PKI. This is both a solution (makes the
X.509 effort independent of local needs) and a big problem, as CAs (writers
of the CPS) have the power to write almost anything they want, including
their notorious DISCLAIMER (where _near_ everything of value to the subscriber
is disclaimed, while _everything_ of value to the user is disclaimed).
That's why its useful to compare X.509 / PKI, PGP, and IBE technologies
for secure email, to know what are the trade-offs.
By comparing the capabilities and faults of the secure email products
per technology used, these and other problems come up in the score card.
Cheers,
Ed Gerck
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
