[linux-elitists] RFC 2015 (MIME and PGP) -- RFC status?

Rick Moen rick@linuxmafia.com
Mon Mar 12 17:34:15 PST 2001


begin  Mr . Bad quotation:

> It's a Web-of-Trust thing versus a centralized certificate authority,
> but the idea is pretty much the same.

Webs of trust have smaller-scale verification problems, but also
smaller-scale scope of coverage.  Certificates have additional problems,
and in many cases only seem to be promising authentication in any
meaningful sense -- upon close examination.  (As with what follows,
below, I can do no better than to refer you to Schneier.)

> Is your point that, just because I got your key from your Web page,
> there's no way I can be sure it's you?

Yes, that's part of the problem.

Web-of-trust models tend to have problems with weak links, revocations,
and a whole host of other issues.  I can't even begin to remember the
whole sad story, but Schneier lays it out in its full lack of splendour.

> DNSSEC I don't recognize. What's that?

Draft standards for cryptographically signing DNS information, to be
supported in the newly minted, scarily beta-ish BIND v. 9.
Theoretically, if you absolutely trust the DNS, you can use this trust
to bootstrap your trust over other matters.  

A veritable game of confidence, one might say.

-- 
Cheers,                              "Open your present...."
Rick Moen                            "No, you open your present...."
rick@linuxmafia.com                  Kaczinski Christmas.
               --  Unabomber Haiku Contest, CyberLaw mailing list



More information about the linux-elitists mailing list