Re: secure tcp ports

> > TLS requires a CA, unless one of the proposed shared key
> > mechanisms is adopted. There is not a global CA
> > infrastructure, more or less a US infrastructure. Worse, in
> > the US there is the real possibility of escrow. Associated with
> Begging your pardon, but Thawte's strategy is entirely
> global. Also, because we are based outside the US, the only way
> we would consider escrow is if the US government explicitly
> banned the use of non-escrow keys within the US - an unlikely
> proposition.

If Thawte can establish a global presence, comply with
international and domestic law, assure the authenticity of
every source (implying possible legal liabilities), assure
the redundancy, reachability, and integrity of each of their
CAs (implying liabilities again), and interoperate with
existing CAs (such as AT&T), then they will offer a great
service. However, if they cannot, then the service is of
marginal value and no different than the patchwork of CAs
operating today.

> > most CAs is a financial transaction. Though traditional use of
> > security (in particular, cryptography) has often been
> > labeled as "not for free", requiring investment in a CA or
> > purchase of a CERT gives the term new meaning.
> As soon as it's possible to conduct quality checks free, there
> will be quality free certs. Certification should not be an
> expensive thing at all. We don't think so.

I haven't read anything on the subject in a while but in the US
there was a proposal to have the US Postal Service offer CA
services and issue CERTs based on the presentation of US
accepted identification.

I do not recall if the proposal included a fee for CERT issuance.
I am also suspicious of the "US accepted identification" part. If I
remember correctly, the identification was a valid US driver's
license. Ha!

The issuance of a CERT must be based on strong verification of
who it is issued against. Without strong verification the
authenticity of any CERT is suspect. Verification offers
interesting challenges not only in the US but around the globe.


Received on Friday, 7 February 1997 12:24:39 UTC