[p2p-hackers] RE: P2P Authentication
Paul Lambert
PaulLambert at AirgoNetworks.Com
Thu Oct 27 17:34:35 UTC 2005
> > Traditional public key signing doesn't work well if you want to
> > eliminate the central authority / trusted third party. If you like
> > keeping those around, then yes, absolutely, traditional PKI works
> > swimmingly.
>
> Where is the evidence of this bit about "traditional PKI
> working"? As far as I've observed, traditional PKI works
> barely for small, highly centralized, hierarchical
> organizations and not at all for anything else. Am I missing
> some case studies of PKI actually working as intended?
>
> Regards,
>
> Zooko
I'm not a big fan anymore of x.509 ... but with difficulty it does work.
There are very large Government installations, MS code signing uses PKI,
TLS and browsers use PKI (but poorly).
P2P systems, at least 'Real P2P'(tm), has no use for a single central
authority. Having every peer maintain their own trust hierarchy is
viable. It's the forest model versus a single tree model.
Paul
More information about the P2p-hackers
mailing list