[FoRK] Re: identity-based encryption
Gregory Alan Bolcer
gbolcer at endeavors.com
Tue Feb 10 09:59:38 PST 2004
Proof by contradiction?
0) Digital certificates provide no actual security for e-commerce
1) Shared, pre-installed Digital certificates provide channel encryption.
2) Most e-commerce information is transferred across and encrypted channel
2) Channel encryption is not equal to "no security"
The term "next to no" would be more appropriate. Also,
just to pipe in, I think the failure of PKI has more to do
with no client apps (ESPECIALLY networked client
apps) were easily integrated with it more than
the namespace (which did contribute to the failure, but only
a small percentage).
From: fork-bounces at xent.com on behalf of Tyler Close
Sent: Tue 2/10/2004 9:12 AM
Subject: Re: [FoRK] Re: identity-based encryption
On Tue February 10 2004 12:11 am, Gordon Mohr wrote:
> And yet, as bad as 'phishing' and other confusion-based attacks
> have shown (for one example) SSL and the browser 'lock'/domain
> approach to be, it's still been (1) better than nothing;
You may want to note that many respected security researchers
disagree with your assertion. In particular, Bruce Schneier has
"Digital certificates provide no actual security for electronic
commerce; it's a complete sham."
See the quoted section at:
The union of REST and capability-based security.
FoRK mailing list
More information about the FoRK