James A. Donald wrote:
The problem is organizational. To get one decision
centrally made and imposed on everyone requires a
central body capable of making decisions and imposing
them on everyone, and before it can get that authority,
that central body usually has to raze Atlanta and burn
the crops, or inflict genocidal famine on the Ukraine.
The great strength and great weakness of the internet is
that it is an anarchy. Anything that requires one
decision made for all, such as the domain name system,
got frozen when the internet became too large for
decision making by consensus, and is now extremely
difficult to change.
So to make changes, they have to be made incrementally:
You need a CA with the proposed policy and a deal with
several registrars, and that CA needs to get on the
Mozilla and IE list. Nice selling point. If you
register with, say OpenSRS, you would automatically get
an SSL cert. Unfortunately, the certification process
for a CA to get on the browser list seems to be somewhat
circular - to be a CA, you have to prove you are like
existing CAs, which is most easily done if you *are* an
existing CA, and have no intention of changing the way
you work.
re:
http://www.garlic.com/~lynn/aadsm27.htm#14 307 digit number factored
http://www.garlic.com/~lynn/aadsm27.htm#15 307 digit number factored
... that could be the short term view ... as well as dealing
with established operation ... having been around since before
the current CA stuff started ... and somewhat involved in
helping get the current infrastructure established
(from the standpoint of its inception for what is now
called electronic commerce ... and having to do detailed
business process & technical walk thru and audit of the early
certification authority players) ... the issue is more how to
replace something once it was established (i.e. the current
infrastructure somewhat got fast uptake ... because it didn't have
alternative solutions to deal with).
re:
http://www.garlic.com/~lynn/aadsm27.htm#16 dnssec?
http://www.garlic.com/~lynn/aadsm27.htm#17 dnssec?
somewhat topic drift with DNS related trivia ... more than a decade before DNS
http://www.garlic.com/~lynn/2007k.html#33
and some old email (predating dns) suggesting online, realtime public key server
http://www.garlic.com/~lynn/2006w.html#email810515
in this post
http://www.garlic.com/~lynn/2006w.html#12