Re: S2ML, Thin PKI and SPKI
On Fri, Dec 15, 2000 at 03:42:05PM +0200, Camillo Särs wrote:
> I wasn't really focusing on that, but rather on the risk model. Any model
> that allows almost arbitrary "contracts" to be signed without discretion
> is just too risky for real-life implementation.
I've started becoming interested in X.509 stuff only quite recently, but
all standards/drafts/etc I've read so far failed to mention the risk of
client platform compromise. This had me baffled quite a bit. The threat
is nothing new (see Kerberos' TGTs), so does this mean that e.g. PKIX
certificates are never supposed to be used on ordinary PCs?
Olaf
--
Olaf Kirch | --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir@caldera.de +-------------------- Why Not?! -----------------------
UNIX, n.: Spanish manufacturer of fire extinguishers.