At 1:15 PM -0400 6/12/02, Keith Moore wrote: > > > I don't want to discount the importance of cert discovery, but I do >> > think it's a stretch to believe that you're going to be willing to trust >> > all of the certs that you discover in a chain of significant length, for >> > a significant set of purposes. >> >> So do you think that there's a necessary difference in trustworthiness >> between the certs that you "discover" when you take your computer out of >> the box, or download the latest browser, and those that you would discover >> via some lookup mechanism? Even if the certs discovered via that >> mechanism were associated with policies based on explicit agreements >> and terms of use between your organization and the various issuers? > >no, I think there's likely to be a difference in the trustworthiness >of a short chain of certs involving a small number of other parties >vs. that of a long chain of certs involving a larger number of other >parties. and if the cert discovery mechanism can incorporate >personal and/or site policy, that's great - as long as it knows >which policy to use under which circumstances. > >in general I think the longer the cert chain, the narrower the applicability. > >Keith I think that it is an oversimplification to argue that shorter chains are necessarily less trustworthy than longer ones, and this seems especially true in this context. if one were to create a PKI paralleling the DNS, each CA would correspond to a component of a DNS name and each of those points is authoritative for the naming of the entities under it. this is not a new notion introduced by making a PKI parallel to the DNS, but is an intrinsic feature of the DNS design. if one chose to create such a PKI, the CAs would not be trusted third parties in the common sense of the term. they are precisely the entities that are responsible for managing their parts of the DNS name space and are implicitly trusted to do so. Those who have argued against a single root in general should note that there are ways to have multiple entities act in a coordinated fashion to sign on behalf of a root, which mitigates the security concerns associated with what might appear to be a single root. But, that does not diminish the problems noted earlier re increased traffic for TLD DNS servers, etc. I'm just addressing tyhe security aspects of a DNS-based PKI. Also even if one were to have a singly rooted DNS, that does not make it the only game in town, i.e., there should be lots of other PKIs, each with its own root and serving a well defined constituency. Steve