On Apr 29, 2014, at 1:18 PM, ianG <[email protected]> wrote: > Yes, 1994, when Netscape invented SSL v1. Which had no MITM support, > which was then considered to be a life and death issue by RSADSI ... > which just happened to have invested big in a think called x.509. And > the rest is history. > > Some commentary here, which is opinion not evidence. > > http://financialcryptography.com/mt/archives/000609.html
Fascinating. I especially liked the timelines there, thanks for the link! I'm now slowly coming to the conclusion that my search for a specific "birthdate" of modern PKI might be in vain. The way I phrased it in an email to Peter was: Do you happen to know of the date of the following event: when did the first publicly available web browser successfully connect over HTTPS to the a publicly available HTTPS website, and have the website's certificate validated by a CA in the same manner as it is done today? ..if that's not available, then simply the date of the release of the first implementation of HTTPS? There's also this little timeline graphic from the link: Then there's the wiki: https://en.wikipedia.org/wiki/Transport_Layer_Security#History_and_development Which says: The SSL protocol was originally developed by Netscape.[10] Version 1.0 was never publicly released; version 2.0 was released in February 1995 but "contained a number of security flaws which ultimately led to the design of SSL version 3.0."[11] SSL version 3.0, released in 1996, was a complete redesign of the protocol produced by Paul Kocher working with Netscape engineers Phil Karlton and Alan Freier. Newer versions of SSL/TLS are based on SSL 3.0. The 1996 draft of SSL 3.0 was published by IETF as a historical document in RFC 6101. And there's the x509 wiki: https://en.wikipedia.org/wiki/X.509#Public-Key_Infrastructure_.28X.509.29_Working_Group The The Public-Key Infrastructure (X.509) working group (PKIX) was a working group of the Internet Engineering Task Force dedicated to creating RFCs and other standard documentation on issues related to public key infrastructure based on X.509 certificates. PKIX was established in Autumn 1995 in conjunction with the National Institute of Standards and Technology.[17] So... it sounds like Netscape either had a publicly available implementation of "modern PKI" before, or at about the same time as the standards were being published. In that case, while there doesn't appear to be a precise date, the birth year at least seems to be 1995. This monstrosity was born sometime late 1995. Is that about right? Or would I be mistaken to call that the birth year? Thanks much for the history lesson and fascinating references! - Greg -- Please do not email me anything that you are not comfortable also sharing with the NSA.
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
