Re: PKI is weakly secure (was Re: Updating the rules?)

To: Douglas Otis <dotis at mail-abuse.org>
Subject: Re: PKI is weakly secure (was Re: Updating the rules?)
From: Eliot Lear <lear at cisco.com>
Date: Wed, 11 Jul 2007 09:55:38 +0200
Authentication-results: ams-dkim-2; header.From=lear@cisco.com; dkim=pass (s ig from cisco.com/amsdkim2001 verified; );
Cc: IETF discussion list <ietf at ietf.org>
Dkim-signature: v=0.5; a=rsa-sha256; q=dns/txt; l=702; t=1184140548; x=1185004548; c=relaxed/simple; s=amsdkim2001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=lear@cisco.com; z=From:=20Eliot=20Lear=20<lear@cisco.com> |Subject:=20Re=3A=20PKI=20is=20weakly=20secure=20(was=20Re=3A=20Updating= 20the=20rules?) |Sender:=20; bh=T0m6xZBdOPRHrWImyba6q7WtPf++gaufZohRowYNuPw=; b=wUNbcUIR3FkXDCRRXAo36oTNJSFTHph8komVx0oE9AorrOV2SHeAzLC74ljaD/09dxUVNa5k hVW32h3ZpZR0jigfqHXKo+CskF4NmfVtcU3IHZv5NmAXsm21jdv3jEna;
In-reply-to: <EA5CB677-A435-4A6B-BB6D-D0B88876A535@mail-abuse.org>
List-help: <mailto:ietf-request@ietf.org?subject=help>
List-id: IETF-Discussion <ietf.ietf.org>
List-post: <mailto:ietf@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
References: <468C9DC5.1070805@gmail.com> <68fba5c50707062119l43e230edsd2361b55b2e2225b@mail.gmail.com> <468F331F.7000409@cs.utk.edu> <468F5EA8.8070006@necom830.hpcl.titech.ac.jp> <468F688A.60800@cisco.com> <468F71D5.3000604@necom830.hpcl.titech.ac.jp> <4691C8EC.8000509@cisco.com> <EA5CB677-A435-4A6B-BB6D-D0B88876A535@mail-abuse.org>
User-agent: Thunderbird 2.0.0.4 (Macintosh/20070604)

Doug,

When short cuts are taken in PKI as with SMTP, there should be some concern.

DKIM voids vetted CAs, as the public key is obtained from DNS, this provides the URL association directly.

It's really not the same. The implications of a compromised DKIM key are bilateral *at best*, whereas a CA, particularly a well known one will have far broader impact.

But that's not what I was talking about. What I was referring to was Ohta-san's implication that PKI is fundamentally flawed. Perhaps it is, but I don't see anything better for key distribution to millions of people. If you, he, or anyone else comes up with something better, I'm all ears.

Eliot

_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

Follow-Ups:
- Re: PKI is weakly secure (was Re: Updating the rules?)
  - From: Douglas Otis
- Re: PKI is weakly secure (was Re: Updating the rules?)
  - From: Masataka Ohta

References:
- Updating the rules?
  - From: Brian E Carpenter
- Re: Updating the rules?
  - From: Robert Sayre
- Re: Updating the rules?
  - From: Keith Moore
- PKI is weakly secure (was Re: Updating the rules?)
  - From: Masataka Ohta
- Re: PKI is weakly secure (was Re: Updating the rules?)
  - From: Eliot Lear
- Re: PKI is weakly secure (was Re: Updating the rules?)
  - From: Masataka Ohta
- Re: PKI is weakly secure (was Re: Updating the rules?)
  - From: Eliot Lear
- Re: PKI is weakly secure (was Re: Updating the rules?)
  - From: Douglas Otis

Prev by Date: Re: PKI is weakly secure
Next by Date: Re: PKI is weakly secure (was Re: Updating the rules?)
Previous by thread: Re: PKI is weakly secure (was Re: Updating the rules?)
Next by thread: Re: PKI is weakly secure (was Re: Updating the rules?)
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: PKI is weakly secure (was Re: Updating the rules?)

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.