
Re: A $25,000,000,000 PKI Was:Spec. on QC-low-fat & QC-heavy-bio



Anders,

At 06:34 AM 4/7/99 +0100, Anders Rundgren wrote:
<snip>
>1) The problem is that the private keys to a company purchaser cert are
>not "yours".  I.e. they are owned by the company that can control their
>use 100% if they never leave their secure server.  That is a very good
>working model.

Who owns a private key??? I don't care.
The thing that interests me is who has the exclusive right to use the key,
and that this right is protected. 

>
>2) I think that the thin client solution has more to do with sw distribution,
>which is a true bottleneck recognized by most of the IT-industry
>

You are solving yesterday's problems.

The problem with exporting client software is a general problem which a
whole industry is working on. Java is one step along the line and we will
see more and better solutions. In a world where bandwidth is increasing we
will see more of "download what you need, when you need it" type of
approaches. This does not require the private keys to be used within a server.

I could support almost any type of client server solution where "thin"
clients get software on demand to deploy whatever they are used for. But
I'll never like as a general tradeoff that private keys MUST be operated by
the server. 

To me you can put everything BUT the private keys (and one basic
certificate) in the server.

<snip>
>
>Initially PKI was about certs and global X500 directories - Did not happen
>
>Now it is zillions of certs distributed in various ways - Slow deployment
>
>So I do really believe there is room for a "third wave"
>

Yes there is, but it surely won't be private key servers.

However, a layered structure with a few long lived general certificates
(QC) that support a large number of specialized short lived certificates,
may very well be part of that "third wave".

And that seems to be not that far away from your thoughts.

>Anders
>
>

/Stefan
-------------------------------------------------------------------
Stefan Santesson                <stefan@accurata.se>
Accurata Systemsäkerhet AB      http://www.accurata.se
Slagthuset                      Tel. +46-40 108588              
211 20  Malmö                   Fax. +46-40 150790              
Sweden                        Mobile +46-70 5247799

PGP fingerprint: 89BC 6C79 5B3D 591B 8547  1512 7D11 DBF4 528F 29A0
-------------------------------------------------------------------