[FoRK] Re: identity-based encryption

Gregory Alan Bolcer gbolcer at endeavors.com
Tue Feb 10 09:59:38 PST 2004


Proof by contradiction? 
 
0) Digital certificates provide no actual security for e-commerce
1) Shared, pre-installed Digital certificates provide channel encryption.
2) Most e-commerce information is transferred across and encrypted channel
2) Channel encryption is not equal to "no security"
QED.  :-)
 
The term "next to no" would be more appropriate.  Also,
just to pipe in, I think the failure of PKI has more to do
with no client apps (ESPECIALLY networked client
apps) were easily integrated with it more than
the namespace (which did contribute to the failure, but only
a small percentage).  
 
Greg

	-----Original Message----- 
	From: fork-bounces at xent.com on behalf of Tyler Close 
	Sent: Tue 2/10/2004 9:12 AM 
	To: forkit! 
	Cc: 
	Subject: Re: [FoRK] Re: identity-based encryption
	
	

	On Tue February 10 2004 12:11 am, Gordon Mohr wrote:
	> And yet, as bad as 'phishing' and other confusion-based attacks
	> have shown (for one example) SSL and the browser 'lock'/domain
	> approach to be, it's still been (1) better than nothing;
	
	Prove it.
	
	You may want to note that many respected security researchers
	disagree with your assertion. In particular, Bruce Schneier has
	written:
	
	"Digital certificates provide no actual security for electronic
	commerce; it's a complete sham."
	
	See the quoted section at:
	
	http://www.waterken.com/dev/YURL/Schneier/
	
	Tyler
	
	
	--
	The union of REST and capability-based security.
	http://www.waterken.com/dev/Web/
	
	_______________________________________________
	FoRK mailing list
	http://xent.com/mailman/listinfo/fork
	



More information about the FoRK mailing list