
what are realistic threats?



Just to comment a bit further on the issue of certificates, the
importance of public key certificate management/interpretation cannot
be emphasized enough, especially as digital signatures begin to play
an increasing role in electronic commerce.  This begs the question as
to how certificates are obtained and validated, given the potential
need for certificate revocation (e.g. a key pair is compromised, or
routinely changed, or ...).  In the absence of an on-line certificate
service, I'm not convinced that the approach of using certificate
revocation lists (CRLs) will be adequate for on-line electronic
commerce applications, at least with respect to the timeliness of the
CRL information and the efficiency with which it can be processed.

Others' comments on this issue?

- Doug


