To: "'Brad Knowles'" <brad.knowles@skynet.be>, "'Masataka Ohta'" <mohta@necom830.hpcl.titech.ac.jp>
Cc: "'Edward Lewis'" <edlewis@arin.net>, "'Markus Stumpf'" <maex-lists-dns-ietf-dnsop@Space.Net>, <dnsop@cafax.se>
From: "John M. Brown" <john@chagres.net>
Date: Wed, 23 Oct 2002 19:13:41 -0600
Importance: Normal
In-Reply-To: <a05200d12b9dcec81c1ca@[146.106.12.76]>
Reply-To: <john@chagres.net>
Sender: owner-dnsop@cafax.se
Subject: RE: Interim signing of the root zone.

I thought this thread is about an "Interim" method of signing the
root-zone. Not solving the credit card fraud issues, or world hunger.

If we can bring this back on topic and work towards the goal of
having a better system, even if it means taking baby steps towards
those goals, then this debate will have much more meaning in the
"recent" sense.

thank you

john brown
Le Geek

> -----Original Message-----
> From: owner-dnsop@cafax.se [mailto:owner-dnsop@cafax.se] On Behalf Of Brad Knowles
> Sent: Wednesday, October 23, 2002 6:29 PM
> To: Masataka Ohta
> Cc: Brad Knowles; Edward Lewis; Markus Stumpf; dnsop@cafax.se
> Subject: Re: Interim signing of the root zone.
>
> At 11:28 PM +0859 2002/10/23, Masataka Ohta wrote:
>
> > The real world does not need PKI.
> >
> > People pay with credit card, not because of PKI, but because credit
> > card companies give credentials to their customers.
>
> The credit card companies lose billions of dollars a year due to
> fraud. They want more secure transactions than most anyone else in
> the world, and they are paying *BIG* bucks to make it happen. And a
> KI or PKI is a critical part of that task.
>
> Are you willing to have your startup risk billions of dollars a
> year because you didn't secure the transactions, but you guarantee
> them anyway?
>
> > Shared key cryptography with long and random enough keys is simply
> > secure regardless of the number of the users.
>
> Shared keys that long and random can't be remembered by users,
> and there has to be some sort of KI to support them.
>
> > Your argument should be that, public key cryptography is insecure
> > because it relies on the security of transactions of shared key
> > cryptography which is '"secure" as an inverse power of the number of'
> > transactions which have the shared keys exchanged through PKI for so
> > many transactions,
>
> Shared key transactions are a critical part of public key
> transactions. The public key part is just enough to allow you to
> securely exchange shared session keys which then automatically go
> away.
>
> The problem is with persistent shared key cryptography.
>
> > Fortunately, in the real world, no one needs PKI.
>
> Maybe they think they don't.
>
> > Over the real world Internet, people are already paying on line with
> > credit cards, because credit card companies are giving credential to
> > their users through the direct relationships between the credit card
> > companies and the users.
>
> How many users are willing to buy things over the net that aren't
> secured with SSL? Well, any use of SSL is using public key
> cryptography, and needs a PKI.
>
> If you're willing to use credit cards without securing the
> transaction, then feel free to share your credit card numbers on this
> mailing list.
>
> > You can't use your credit card for your shopping, if the shop you are
> > paying for can not communicate with a credit card company to
> > authorize your credential information, for which PKI is useless.
>
> How the hell do you think they authorize the card?!?
>
> Just what does the word "authorize" mean in your dictionary,
> anyway?!?
>
> > Moreover, best effort communication over the Internet is basically
> > free that no one really want to reduce the need for the realtime
> > communication.
>
> Feel free to turn off all use of SSL, TLS, ssh, etc... on all
> your computers.
>
> > On the other hand, credit card companies or any other entities are
> > giving credential to their users through direct relationships between
> > the entities and the users. They can exchange and are already
> > exchanging shared keys through the direct relationships.
>
> And how do you think those direct relationships are handled in
> the first place?!?
>
> > Nothing is different on (in)secure DNS that there is no point on
> > signing the root zone.
> >
> > The real world does not need PKI nor secure DNS.
>
> Feel free to give us your social security number, your credit
> cards, and all your other personal data.
>
> If you're not willing to do that, then please share with us how
> you are going to secure any transaction that uses this kind of
> information. Moreover, please explain how you are going to do that
> but *not* using SSL, TLS, ssh, or any other form of encryption.
>
> --
> Brad Knowles, <brad.knowles@skynet.be>
>
> "They that can give up essential liberty to obtain a little
> temporary safety deserve neither liberty nor safety."
>     -Benjamin Franklin, Historical Review of Pennsylvania.
>
> GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E W+++(--) N+ !w---
> O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
> tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)*
> tv+z(+++)
> #----------------------------------------------------------------------
> # To unsubscribe, send a message to <dnsop-request@cafax.se>.