Re: From whence we came...

[Keith Moore <moore@cs.utk.edu>]

One thing of which I'm certain is that any key (material) distribution
system which assumes a single model for trust is doomed to near-irrelevance.
Trust is fundamentally a human concept, and humans have a variety of
models for trust.

I carry several kinds of credentials with me in my wallet.  Some of
these make assertions about my identity - effectively associating
a name, physical address, and nationality to someone matching my
physical characteristics.  Others make assertions about my ability
to honor a loan agreement, to operate a motor vehicle, to pilot an
aircraft, etc.  Different transactions require different combinations
of these credentials.  My passport will not substitute for my university
identification card, nor vice versa, even though both are (to some
degree) assertions about of my identity.  Fraudulent use of a credit
card has a different kind of risk than fraudulent use of a passport,
and there are different mechanisms to minimize the negative effects
of those risks.

Trust models in cyberspace will need to be similarly varied, and
any system for key material distribution will need to accomodate
many different trust models.  If it is to be successful it cannot
impose any trust models on its users.  The best it can do is to
provide a variety of methods by which a client might verify a
principal's credentials, and let the client decide which one
he/she/it trust for his/her/its particular application.

And due to several limitations, I think it's going to be very
difficult to cram all of this into DNS.

Keith