Re: what are realistic threats?
Dave Kearns:
> But who would guarantee the statement that "No major security
> holes have been found"? Are we simply to take XYZ's word
> for it?... No, but we need to 'guarantee the integrity' of the
> SIGNER.
What on earth do you mean by "guarantee of integrity"? A legal
contract promising you your money back? Legal liability?
Any old stranger claiming that he is making a "guarantee"?
Specifics, please!
> No, hierarchies allow for standards based rules for issuing
> certificates and 'guarantees'.
It's quite possible to issue certificates without any sort
of hierarchy: an example is the widely used public-key cryptography
system, PGP. And here's another place we need to be more
precise: by "hierarchy" do we mean a single-rooted tree, a directed
acyclic graph, a cyclic graph, or what? What specific constraints
are being set by the standards? My argument was against
single-rooted trees.
> The important point, to me, is that there exists a path I can follow
> to establish the credentials of the Guarantor and satisfy myself
> as to the reliability of whatever it is I'm about to access.
I agree, but I'm hardly willing to follow some ill-defined "guarantee",
or trust somebody merely because he's called a "Guarantor".
I want each cryptographic step to be precisely defined, and
each claim in a certificate to be specific and highly credible.
A system based on ambiguous "guarantees of integrity" wouldn't
provide anything even approaching a guarantee of integrity.
Nick Szabo szabo@netcom.com