Hallam-Baker, Phillip wrote: > Security is a property of systems and not of technologies. Yes, of course. Though some often claims PKI were cryptographically secure, it does not mean PKI is strongly secure. Cookies, too, are cryptographically secure. > In particular security is risk management and not the elimination > of all risk. So, I, quite constructively, showed how to archieve strong security by securely sharing security information directly between the first and the second party. It eliminates intermediate intelligent entities and gives the ultimate (fate sharing) security archived by the end to end principle. On the other hand, you and others merely stating possibility that some PKI could be made fairly secure if all the operational rules could be observed by all the operators. > PKI provides opportunities for technical risk mitigation which are > not available in normal circumstances. That's a totally unfounded statement and is not constructive. > For example the root keys associated with high security embedded Security is a property of systems and not of parts of systems. Backbone routers can be protected equally securely. > Such operational controls are not likely to be acceptable to network > administrators at your average ISP. Nor to PKI administrators near leaf where keys must be accessed often to generate CAs. Masataka Ohta _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf