"Perry E. Metzger" <pe...@piermont.com> writes: >Inspired by recent discussion, these are my theses, which I hereby nail upon >the virtual church door:
Are we allowed to play peanut gallery for this? >1 If you can do an online check for the validity of a key, there is no > need for a long-lived signed certificate, since you could simply ask > a database in real time whether the holder of the key is authorized > to perform some action. Based on the ongoing discussion I've now had, both on-list and off, about blacklist-based key validity checking [0], I would like to propose an addition: The checking should follow the credit-card authorised/declined model, and not be based on blacklists (a.k.a. "the second dumbest idea in computer security", see http://www.ranum.com/security/computer_security/editorials/dumb/). (Oh yes, for a laugh, have a look at the X.509 approach to doing this. It's eighty-seven pages long, and that's not including the large number of other RFCs that it includes by reference: http://tools.ietf.org/html/rfc5055). > The signed certificate is completely superfluous. This is, I suspect, the reason for the vehement opposition to any kind of credit-card style validity checking of keys, if you were to introduce it, it would make both certificates and the entities that issue them superfluous. Peter. [0] It's kinda scary that it's taking this much debate to try and convince people that blacklists are not a valid means of dealing with arbitrarily delegatable capabilities. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com