On 09/18/2011 11:57 AM, Peter Gutmann wrote:
Arshad Noor<arshad.n...@strongauth.com> writes:
Are there weaknesses in PKI? Undoubtedly! But, there are failures in every
ecosystem. The intelligent response to "certificate manufacturing and
distribution" weaknesses is to improve the quality of the ecosystem - not
throw the baby out with the bath-water.
The intelligent response to the failure of PKI is to look at what the real
threats are and to act to counter them.
Agreed. However, I don't see us talking about the two biggest threats
to PKI - or any ecosystem, for that matter:
1) Ignorance - the vendor community has dumbed down users for the last
20-years to the point that they have suspended rational thought even
when its in their own self-interest. However, this is forgivable
because people sometimes have higher priorities, and they expect
that experts are looking out for them;
2) The cynicism of "experts" that prevents true progress from occurring
every time an idea, however unorthodox or difficult, is presented.
While a healthy debate is essential to the formulation of good
solution, cynicism is grand-standing at its worst.
"Fixing PKI" is about as useful as
inventing a more cromulent type of unicorn repellant.
It is my assertion that the problems with PKI are "manufacturing and
distribution" problems that can be solved. One can build simple and
secure PKIs just as one can build Rube Goldberg-like database
applications; yet no one goes around talking about "fixing databases"
as if they were lost causes - they just fix them.
Arshad Noor
StrongAuth, Inc.
P.S. May I recommend this poem? Far, far better people than I have
solved bigger problems, getting encouragement from its words:
Invictus - William Ernest Henley (http://www.bartleby.com/103/7.html)
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
