[cap-talk] [Fwd: Re: [e-lang] What do CAs contribute...an ironic
short term benefit]
Mark Miller
markm at cs.jhu.edu
Tue Feb 15 22:00:14 EST 2005
-------- Original Message --------
Subject: Re: [e-lang] What do CAs contribute...an ironic short term benefit
Date: Wed, 16 Feb 2005 02:29:33 +0000
From: David Hopwood <david.nospam.hopwood at blueyonder.co.uk>
Reply-To: david.nospam.hopwood at blueyonder.co.uk, Discussion of E and other
capability languages <e-lang at mail.eros-os.org>
To: Discussion of E and other capability languages <e-lang at mail.eros-os.org>
References: <r02010400-1037-114CF2E57FB711D984990030658F0F64@[192.168.1.5]>
Bill Frantz wrote:
> On 2/9/05, marcs at skyhunter.com (marcs) wrote:
>
>>Uh...hmmm....now that I've assigned a pet name to that certificate, which is
>>a unique identifier all on its own...remind me, what value is Verisign
>>giving me?
>
> Verisign is letting the owner of that certificate (Mark Miller) generate a
> new key and pass the trust you have in the current key into the new one.

Verisign isn't needed for that. Use an off-line master key to sign on-line
subkeys, like in OpenPGP, SPKI, or if you must use X.509, proxy certificates
(RFC 3820).

If the master key is lost or compromised, then reestablishing the
petname-master key binding is no more difficult than it was in the first place.
This is not a common enough case to justify the vulnerability to a CA.

--
David Hopwood <david.nospam.hopwood at blueyonder.co.uk>
--
Text by me above is hereby placed in the public domain
Cheers,
--MarkM
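
The arrangement described in the message above, sketched as an added example that is not part of the original thread or of any project it mentions: a relying party binds a petname to an off-line master key once, then accepts any on-line subkey that the master key has signed. It assumes the third-party Python "cryptography" package and Ed25519 keys; PetnameStore, certify_subkey and the "subkey:" prefix are hypothetical names chosen for illustration.

```python
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey, Ed25519PublicKey)
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

PREFIX = b"subkey:"  # domain separator so a subkey cert is never a valid message signature


def raw(pub):
    """Raw 32-byte encoding of an Ed25519 public key."""
    return pub.public_bytes(Encoding.Raw, PublicFormat.Raw)


def certify_subkey(master_priv, sub_pub):
    """Performed off-line by the key owner: master key signs the subkey."""
    return master_priv.sign(PREFIX + raw(sub_pub))


class PetnameStore:
    """Relying party's local table: petname -> master public key bytes."""

    def __init__(self):
        self._masters = {}

    def bind(self, petname, master_pub):
        # The one manual step. Repeating it after master-key loss costs the
        # same as doing it the first time.
        self._masters[petname] = raw(master_pub)

    def verify(self, petname, sub_pub, cert, message, sig):
        """True only if master -> subkey -> message verifies for this petname."""
        master_bytes = self._masters.get(petname)
        if master_bytes is None:
            return False
        try:
            master = Ed25519PublicKey.from_public_bytes(master_bytes)
            master.verify(cert, PREFIX + raw(sub_pub))  # subkey vouched for by master
            sub_pub.verify(sig, message)                # message signed by subkey
        except InvalidSignature:
            return False
        return True
```

Rotating the on-line key means generating a new subkey and a new certify_subkey signature; the stored petname entry does not change.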