Re: Common misconceptions, was Re: KISS for PKIX, was ...



"David P. Kemp" <dpkemp@missi.ncsc.mil> writes:

>A proposed approach to allocating liability included a root CA operated by an
>organization with huge assets (such as a commercial bank) but with only two 
>warranted responsibilities: 1) ensuring name uniqueness across the certs 
>issued by that CA, and 2) protecting the CA's private key.  (A third, 
>unstated, requirement would be to use sufficiently conservative cryptography 
>for signatures on the issued certs).
>
>[...]
>
>You (as a relying party) can rely on a certificate to any extent you wish.  A
>CA may warrant that it follows certain practices; it may also warrant 
>results, as with the hypothetical root CA above, if the amount of loss and 
>the risk of loss can be quantified.  You, the relying party, assume all risk 
>not assumed by the CA.  You are the sole judge of whether the PKI provides a 
>benefit - whether profit from transactions enabled by the PKI minus expected 
>losses from risks not assumed by the PKI is positive.

You know, this would actually work (and it's effectively what organisations 
like Verisign are doing anyway through their CPS).  Apart from the obvious 
objection (<whine>but a PKI isn't supposed to work like that</whine>), is 
there any major reason why this is a bad thing?

Peter.