[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Certificate proposal
Scott Brickner writes:
> [ ... a bunch of stuff I have no quarrel with ... ]
> Identifying the key with the person is entirely reasonable, if the key
> is what introduced the person to you (and thus ontologically created
> the entity).
Right (sez me).
> If the introduction happens prior to receiving the key,
> then authentication becomes necessary to avoid MITM.
Maybe I'm not sure what good a "true name" certificate is going to do
me in establishing confidence in a key. How will I know that the
MITM attack didn't begin with the "true name" registration?
(Note that I continue to insist that I very well might be totally
without clue here, so correct me brutally if applicable.)
| Nobody's going to listen to you if you just | Mike McNally ([email protected]) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX |