On 2014-04-29 18:18, ianG wrote:
On 29/04/2014 19:02 pm, Greg wrote:
I'm looking for a date that I could point to and call the "birth of
modern HTTPS/PKI".
There is the Loren M Kohnfelder thesis from May of 1978, but that's not
quite it because it wasn't actually available to anyone at the time.
Perhaps an event along the lines of "first modern HTTPS implementation
in a public web browser was released", or something like that.
Any leads? Maybe something from Netscape's history?
Yes, 1994, when Netscape invented SSL v1. Which had no MITM support,
which was then considered to be a life and death issue by RSADSI ...
which just happened to have invested big in a think called x.509. And
the rest is history.
Some commentary here, which is opinion not evidence.
http://financialcryptography.com/mt/archives/000609.html
I guess the historic gap between Loren Kohnfelder thesis and Netscape
SSL development has to be filled with due consideration of the OSI
development, and notably the Network Layer Security Protocol (NLSP).
Prior to the domination of IP protocols, the "information highway" was
expected to be secured with the NLSP over an X.25 backbone.
The payment industry was investing in SET (Secure Electronic
Transactions), and the Netscape SSL was first perceived as a childish
attempt for a quick and (very) dirty short term solution.
Even then, in my understanding, there would still be a gap between Loren
thesis and the NLSP development. I have some clues that the Digital
Equipment DecNET protocols would fill this gap.
Don't look at Microsoft. By 1995, their only IT security commitment
seemed to be for a facsimile security protocol (even devoid of public
key crypto). (This should have been a prior art against Data Treasury
cheque imaging patent battle, but that's another lllooonng story.)
In retrospect, the ASN.1 based X.509 security certificate has been
salvaged from the OSI effort thanks to Verisign dedication to license
their patents for some IETF protocols on easy terms.
Lotus Notes security is special because it evolved from an RSA
technology license acquired prior to RSADSI, and they use certificates
without the ASN.1/X.509 paradigms.
Regards,
- Thierry Moreau
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
