Re: Creating a Global User-level CA/Trust Infrastructure forSecureMessaging

Wed, 03 Dec 2008 04:24:01 -0800 

On 12/02/2008 08:04 PM, Ian G:

Eddy Nigg wrote:

In case of Skype they are the software vendor and control the
software, the issuing instance and also the user


Right, they do everything. One advantage for today: in the case of Skype
we (the user) only have to pay for one organisation. In the case of CAs,
we have to pay for four organisations.



Well, not sure where the payment comes in, but I don't pay personally 
for either software, not for certificates and certainly not for my own 
private keys. Now where does the "pay" come in?



But besides that, PKI is implemented in this way, because it makes 
sense, not because it doesn't. Each party has its responsibilities.



In the case of Skype, they just use the tools relatively wisely to solve
the problems they need to solve. Their particular design eliminates many
of the things that PKI does, but that is simply because their design
meets the security needs and addresses the threat model for their given
application and audience.



Meets the needs of whom? Just because the average user doesn't 
understand it (not when using Skype nor when using Firefox or 
Thunderbird) doesn't mean that it meets the security needs. It doesn't 
for me (for confidentially) and the security theater could be simply 
omitted. Same effect.



If I could use my own client certs that would be a different 
story....well, yes, it's called PKI...




If there is anything "dictatorial" it is the claim that there is only
one true security model;



Why do you think so many are using PKI? Because it's dictated or because 
it solves a problem? I didn't invent it, but it serves the purpose 
extremely well, hence I'm using it. Nobody forced me to, it's my own 
conclusion.



(When was the last time your security model was updated?)




There are always some smaller moves here and there, however at large no 
updating is needed because it works. Or shall I say, the full potential 
hasn't been reached yet and PKI will be deployed just about everywhere?


--
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: [EMAIL PROTECTED]
Blog:   https://blog.startcom.org
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto


























					Reply via email to