At 10:28 PM 9/16/04 +0200, Hadmut Danisch wrote:
>Because PKC works for this Alice&Bob communication scheme. If you
>connect to a web server, then what you want to know, or what
>authentication means is: "Are you really www.somedomain.com?"
>That's the Alice&Bob model. SSL is good for that.

What makes you think verislime or other CAs are authenticating? You can't sue them, they are 0wn3d by a State (and so can issue false certs, just like States issue false meatspace IDs), etc.

>If I send you an encrypted e-mail, I do want that _you_ Ed Gerck,
>can read it only. That's still the Alice&Bob model. PGP and S/MIME
>are good for that.

What makes you think that EG is a physical entity, if you haven't met him and learned to trust him through out of band channels?

>The sender of an e-mail does not need to pretend being a particular
>person or sender. Any identity of the 8 (10?) billion humans on earth
>will do it.

What makes you think that, given 1e10 humans, there are 1e10 identities? I.e., why do you think there is a one-to-one mapping?

>PKC is good as long as the communication model is a closed and
>relatively small user group. A valid signature of an unknown sender
>has at least the meaning that the sender belongs to that user group.

PKC is only as good as the means by which you obtain the public key. A server, a CA, are all worthless. The emperor has no clothes, get used to it.