[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: subjective names and MITM

Adam Shostack writes:
>	Just a minor nit regarding a well thought out post, public
>keys are not 'global' ids, but 'system-wide' IDs.  For keys to be
>really global, there needs to be a mechanism in place for insuring
>that key ids are very probably unique.  One way to ensure that keys
>are globally unique would be to integrate a KCA identifier with the
>keyid, and KCAs base part of their reputation on not signing multiple
>keys with the same id.

A public key *is* "very probably unique".  A "randomly selected" 1024 bit
prime number has a specific amount of entropy in it.  The likelihood of
two users world wide "randomly" choosing the same such prime may be
precisely determined (assuming you can figure the entropy).

Who needs a KCA to certify it?

The real benefit of the KCA is as a means of linking the key with a unique
person.  As I've commented before, anonyms have no meaningful "credit rating".