[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Key attributes (was: pseudonyms & list health)



  [email protected] (Douglas Barnes)  writes:
> If anyone still has the flyer from the Crypto '95 rump session,
> there was a guy there talking about ANSI standards, and one of
> the things he mentioned in his talk was work they were doing on
> "key attributes."
> I spoke with him afterwards, and we had a lively discussion about
> this matter; especially with regard to the relationship between
> key certification and key attributes. I argued that certification is
> just another kind of attribute, while he is fairly hung up on
> certificate hierarchies, etc.

Did he perchance work for some US Federal Agency such as NIS&T?
Or a large corporation?

My small PGP key was created at the National Computer Security Conference
in 1992. About half the attendees were NSA, and lots more were from
assorted defense and civilian agancies. During the free time, I talked
to a bunch of them about Phil's web of trust.

I had a really hard time understanding with where they were comming from,
and they had no clue as to why I thought hierarchical CA chains are
so bad.

I didn't convince anyone. But I have come to understand that if you spend
your entire working life in a job that is structured from the President
on down a heirarchy, you can't imagine any other organizational structure.

This includes the obvious LEAs such as FBI, ATF, all the Defense folks
and sppoks like CIA, DIA, NSA, and the standards "setting"
folks out at NIS&T.

Pat

Pat Farrell    Grad Student      http://www.isse.gmu.edu/students/pfarrell
Info. Systems & Software Engineering, George Mason University, Fairfax, VA
PGP key available on homepage               #include <standard.disclaimer>