1996-09-12 - Re: ISODE Consortium X.509 Certification system

Header Data

From: Carl Ellison <cme@cybercash.com>
To: stewarts@ix.netcom.com
Message Hash: d0b2d2063c3c40bca320d6edc4d4de1962a2146914a71e0d278c9a752046a033
Message ID: <3.0b11.32.19960912105914.0054f7b0@cybercash.com>
Reply To: N/A
UTC Datetime: 1996-09-12 19:20:38 UTC
Raw Date: Fri, 13 Sep 1996 03:20:38 +0800

Raw message

From: Carl Ellison <cme@cybercash.com>
Date: Fri, 13 Sep 1996 03:20:38 +0800
To: stewarts@ix.netcom.com
Subject: Re: ISODE Consortium X.509 Certification system
Message-ID: <3.0b11.32.19960912105914.0054f7b0@cybercash.com>
MIME-Version: 1.0
Content-Type: text/plain


Bill,

        thanks for forwarding this to me.

        It really bothers me whenever I see someone mouthing plattitudes
about certificates, like: 

>The ITU-T, through X.509, recommend strong authentication based on public 
>key cryptosystems as the basis for providing secure services. The ISODE 
>Consortium uses X.509 as the core of its security strategy. 
>X.509 provides a flexible, scaleable and manageable algorithm-independent 
>authentication infrastructure, which can be used as the basis for a wide
>range of security services such as message encryption and access control. 

Fact is, identity certification (which is what X.509 gives) is neither
necessary nor sufficient for providing secure services -- and there's
nothing magic about X.509.

There are marketeers, however, who want the world to believe that the
generation and use of X.509 certs will somehow give you security -- so they
can sell machinery or a service which makes those certs.

 - Carl

P.S.  My USENIX paper giving the case against certification authorities is
on-line now at <ftp://ftp.clark.net/pub/cme/usenix.ps> =
<http://www.clark.net/pub/cme/usenix.ps>

+------------------------------------------------------------------+
|Carl M. Ellison       cme@acm.org    http://www.clark.net/pub/cme |
|   PGP 2.6.2: 61 E2 DE 7F CB 9D 79 84  E9 C8 04 8B A6 32 21 A2    |
+-Officer, officer, arrest that man. He's whistling a dirty song.--+






Thread