PKIgate

Phillip Hallam-Baker wrote:

> You can design a PKI to meet many different needs.

No, PKI can be designed for imaginary needs only with no real security.

> Identity is one purpose, but not a very useful one.

It is an example of imaginary security.

> If you want security from a
> PKI you will do better with a validation system that provides
> accountability.

Real accountability needs a real account with real *M*O*N*E*Y*
in it.

If you lose $1M by a wrong operation of a CA, the CA should be
able to compensate the amount of the loss, which is the
accountability.

*M*O*N*E*Y* is the reality.

Then, what if a wrong operation of a CA causes a $1000 loss for 1M
people?

Bankruptcy of the CA does not help the people.

A CA charging $2000 for 1M certificates may have $1000000000 in
its account and may be able to compensate a $1000 loss of 1M people.
But, what is the point of people paying $2000, only to receive $1000
compensation? It's better for the people not to pay anything to
the CA. What if the loss is a $1M loss for 1M people?

The only thing serious CAs can do is to make the possibility of
wrong operation absolute ZERO, which is not human and costs an
infinite amount of money, which makes the CAs not profitable.

On the other hand, less serious CAs do little, if not nothing, and
just sell imaginary security at low cost to people who really need
real security.

That's how PKI is designed and CAs work.

PKI is a system of fraud.

						Masataka Ohta

_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
