Re: ISODE Consortium X.509 Certification system
Bill,
thanks for forwarding this to me.
It really bothers me whenever I see someone mouthing platitudes
about certificates, like:
>The ITU-T, through X.509, recommend strong authentication based on public
>key cryptosystems as the basis for providing secure services. The ISODE
>Consortium uses X.509 as the core of its security strategy.
>X.509 provides a flexible, scaleable and manageable algorithm-independent
>authentication infrastructure, which can be used as the basis for a wide
>range of security services such as message encryption and access control.
Fact is, identity certification (which is what X.509 gives) is neither
necessary nor sufficient for providing secure services -- and there's
nothing magic about X.509.
There are marketeers, however, who want the world to believe that the
generation and use of X.509 certs will somehow give you security -- so they
can sell machinery or a service which makes those certs.
- Carl
P.S. My USENIX paper giving the case against certification authorities is
on-line now at <ftp://ftp.clark.net/pub/cme/usenix.ps> =
<http://www.clark.net/pub/cme/usenix.ps>
+------------------------------------------------------------------+
|Carl M. Ellison [email protected] http://www.clark.net/pub/cme |
| PGP 2.6.2: 61 E2 DE 7F CB 9D 79 84 E9 C8 04 8B A6 32 21 A2 |
+-Officer, officer, arrest that man. He's whistling a dirty song.--+