incubator-heraldry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hallam-Baker, Phillip" <pba...@verisign.com>
Subject RE: [OpenID] Announcing OpenID Authentication 2.0 - Implementor'sDraft 11
Date Tue, 23 Jan 2007 01:54:49 GMT
I said that PKI was successful and that SSL fulfilled its goals.

I did not say that the goals of PKI had been fullfilled nor is that relevant in the slightest.
PKI works, it is a useful tool. The only people who don't accept that are people who never
understood PKI or what it might be used for and so imagined a set of strawman goals that were
idiotic, impossible and not suprisingly never fullfilled.

SSL uses PKI, so does PGP. Even SSH uses a limited form of PKI.

There is a competitive market in CA services.

> -----Original Message-----
> From: Ka-Ping Yee [mailto:google@zesty.ca] 
> Sent: Monday, January 22, 2007 7:56 PM
> To: Hallam-Baker, Phillip
> Cc: James A. Donald; Ben Laurie; openid-general; 
> heraldry-dev@incubator.apache.org
> Subject: RE: [OpenID] Announcing OpenID Authentication 2.0 - 
> Implementor'sDraft 11
> 
> On Mon, 22 Jan 2007, Hallam-Baker, Phillip wrote:
> > SSL achieves the original security goals set for it.
> >
> > SSL does not achieve every security goal, that is not a failure.
> > Certainly there are no grounds for the claim PKI has failed when it 
> > has succeeded in its original limited goals.
> 
> You appear to be making the claim that PKI has been successful.
> I'm asking for the grounds for your claim.
> 
> SSL and PKI are not the same thing; the widespread adoption 
> of SSL does not imply that PKI has achieved its goals.  To 
> back up your claim, could you state what you believe PKI is 
> supposed to achieve, and how you know that it has been 
> successful at achieving that?
> 
> As far as I know, the goal of PKI is to establish a party's identity.
> But SSL, the application of PKI that you highlight as a 
> success story, fails to prevent impersonation.  That to me is 
> a failure of PKI.
> 
> Did you have a different goal in mind?
> 
> 
> -- ?!ng
> 

Mime
View raw message