Re: Authentication, cancels, etc


From: Charles Lindsey (chl@clw.cs.man.ac.uk)
Date: Wed Oct 17 2001 - 05:00:25 CDT


In <20011016121428.D19909@main.templetons.com> Brad Templeton <brad@templetons.com> writes:

>On Tue, Oct 16, 2001 at 09:35:54AM +0000, Charles Lindsey wrote:

>> The depth of the tree of certificates is proportional to the logarithm of
>> the total number of keys involved. The breadth of the tree (actually, a
>> directed graph) is hard to quantify (how many top-level trusted parties
>> are needed?), but may be linear in that number. The size of the databases
>> kept by the certificate authorities worldwide is certainly at least
>> linear. With a billion keys ... ?

>Certificate authorities do not need to keep databases. A certificate
>chain validates itself. The main reason certificates were invented
>was to eliminate the database problems of key management. You seem to
>write as though you are unaware of this.

>CAs may very well keep an audit trail of what they do, but there is no
>need to. When presented with a certificate they signed, they can tell
>if they signed it. They don't have to check a database.

So if A certifies that this obscure injecting site in Tibet is indeed who
it claims to be, and if B certifies that the obscure certifier A is indeed
a competent certifier whose certificates ought to be believed, and if C
(who is a well-known-worldwide certifier who claims that _everybody_
should trust him) certifies that B is OK (that's a chain of 4
certificates), and if NONE of them keep any records as to whom they have
certified, or the evidence they based their certification on, then how can
they even contemplate renewal of the certificates when they expire?

Clearly, they are all incompetent, which means that no site is likely to
trust any of them. Certainly I wouldn't. And in such a lax regime, how
easy would it be for Hipcrime to get a plausible looking certificate?

>If they are a high quality CA, they might keep a database to provide
>customer service, such as reminding people to renew, etc. but there is
>no technical requirement. That is the true elegance of the invention.

If they are a high quality CA, then they need to do a high quality job.
Trust has to be earned - it does not come automatically just because some
algorithm checks out some certificates.

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133   Web: http://www.cs.man.ac.uk/~chl
Email: chl@clw.cs.man.ac.uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5




This archive was generated by hypermail 2b29.