[cap-talk] [Fwd: Re: [e-lang] What do CAs contribute...an ironic short term benefit]

Mark Miller markm at cs.jhu.edu
Tue Feb 15 22:00:14 EST 2005



-------- Original Message --------
Subject: Re: [e-lang] What do CAs contribute...an ironic short term benefit
Date: Wed, 16 Feb 2005 02:29:33 +0000
From: David Hopwood <david.nospam.hopwood at blueyonder.co.uk>
Reply-To: david.nospam.hopwood at blueyonder.co.uk, Discussion of E and other capability languages <e-lang at mail.eros-os.org>
To: Discussion of E and other capability languages <e-lang at mail.eros-os.org>
References: <r02010400-1037-114CF2E57FB711D984990030658F0F64@[192.168.1.5]>

Bill Frantz wrote:
> On 2/9/05, marcs at skyhunter.com (marcs) wrote:
> 
>>Uh...hmmm....now that I've assigned a pet name to that certificate, which is
>>a unique identifier all on its own...remind me, what value is Verisign
>>giving me?
> 
> Verisign is letting the owner of that certificate (Mark Miller) generate a
> new key and pass the trust you have in the current key into the new one.

Verisign isn't needed for that. Use an off-line master key to sign on-line
subkeys, like in OpenPGP, SPKI, or if you must use X.509, proxy certificates
(RFC 3820).

If the master key is lost or compromised, then reestablishing the petname-
master key binding is no more difficult than it was in the first place.
This is not a common enough case to justify the vulnerability to a CA.

-- 
David Hopwood <david.nospam.hopwood at blueyonder.co.uk>

_______________________________________________
e-lang mailing list
e-lang at mail.eros-os.org
http://www.eros-os.org/mailman/listinfo/e-lang



-- 
Text by me above is hereby placed in the public domain

     Cheers,
     --MarkM
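
The scheme described in the forwarded message, as an added example that is not part of the original post or of any project it mentions: an off-line master key certifies on-line subkeys, and a local petname is pinned to the master key, so rotating the on-line key needs no CA. It uses Ed25519 from the Go standard library; the `Cert` layout, the `subkey-v1:` label and all function names are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

const label = "subkey-v1:" // constructed domain-separation prefix
// Cert is a hypothetical minimal subkey certificate, far simpler than OpenPGP or SPKI.
type Cert struct {
	Master, Subkey ed25519.PublicKey
	Sig            []byte // master's signature over label || Subkey
}

// Petnames maps a pinned master-key fingerprint to a locally chosen name; no CA.
type Petnames map[[32]byte]string
func (p Petnames) Pin(name string, master ed25519.PublicKey) { p[sha256.Sum256(master)] = name }

func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Issue runs off-line, where the master private key is kept.
func Issue(master ed25519.PrivateKey, sub ed25519.PublicKey) Cert {
	sig := ed25519.Sign(master, append([]byte(label), sub...))
	return Cert{master.Public().(ed25519.PublicKey), sub, sig}
}

// Resolve returns the petname whose pinned master key vouches for c.Subkey.
func (p Petnames) Resolve(c Cert) (string, bool) {
	if len(c.Master) != ed25519.PublicKeySize ||
		!ed25519.Verify(c.Master, append([]byte(label), c.Subkey...), c.Sig) {
		return "", false
	}
	name, ok := p[sha256.Sum256(c.Master)]
	return name, ok
}

func main() { // constructed demo: rotate the on-line key, petname still resolves
	mPub, mPriv := NewKey()
	names := Petnames{}
	names.Pin("markm", mPub)
	newSub, _ := NewKey()
	fmt.Println(names.Resolve(Issue(mPriv, newSub)))
}
```

If the master key itself is replaced, `Resolve` fails until the user pins the new master key again, which is the re-binding step the message says costs no more than the first one.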


