On Tue, 17 Aug 2010 15:04:00 +0300 Alexander Klimov <alser...@inbox.ru> wrote: > On Sat, 31 Jul 2010, Perry E. Metzger wrote: > > There is no rational reason at all that someone should "endorse" a > > key when it is possible to simply do a real time check for > > authorization. There is no reason to sign a key when you can just > > check if the key is in a database. > > Each real-time check reveals your interest in the check. What about > privacy implications?
Well, OCSP and such already do online checks in real time, so there is no difference there between my view of the world and what people claim should be done for certificates. The more interesting question is whether the crypto protocols people can come up with ways of doing online checks for information about keys that don't reveal information about what is being asked for. That would help in both the certificate and non-certificate versions of such checks. Perry -- Perry E. Metzger pe...@piermont.com --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com