To:
Keith Moore <moore@cs.utk.edu>
Cc:
Edward Lewis <lewis@tislabs.com>, keydist@cafax.se
From:
Ted Hardie <Ted.Hardie@nominum.com>
Date:
Wed, 9 Jan 2002 11:10:52 -0800
Content-Disposition:
inline
In-Reply-To:
<200201082326.g08NQdi08354@astro.cs.utk.edu>; from moore@cs.utk.edu on Tue, Jan 08, 2002 at 06:26:39PM -0500
Reply-To:
Ted.Hardie@nominum.com
Sender:
owner-keydist@cafax.se
User-Agent:
Mutt/1.2.5i
Subject:
Re: From whence we came...
I think this is a valid point. The way I wrap that in my head is: DNSSEC helps you to know that the materials you got from the wallet were the materials that the owner put in there. What goes into the wallet varies by owner (not all owners may have a passport, for example, or univeristy ID), but many wallets will have more than one thing in it. Since a passport is not a valid university ID and a univeristy ID cannot be used to demonstrate the ability to drive a car, some method of ensuring that what you take out of the wallet matches the form of ID required is needed (you don't want to hand the passport, driver's license and university ID all over and say "pick one"). regards, Ted Hardie On Tue, Jan 08, 2002 at 06:26:39PM -0500, Keith Moore wrote: > One thing of which I'm certain is that any key (material) distribution > system which assumes a single model for trust is doomed to near-irrelevance. > Trust is fundamentally a human concept, and humans have a variety of > models for trust. > > I carry several kinds of credentials with me in my wallet. Some of > these make assertions about my identity - effectively associating > a name, physical address, and nationality to someone matching my > physical characteristics. Others make assertions about my ability > to honor a loan agreement, to operate a motor vehicle, to pilot an > aircraft, etc. Different transactions require different combinations > of these credentials. My passport will not substitute for my university > identification card, nor vice versa, even though both are (to some > degree) assertions about of my identity. Fraudulent use of a credit > card has a different kind of risk than fraudulent use of a passport, > and there are different mechanisms to minimize the negative effects > of those risks. > > Trust models in cyberspace will need to be similarly varied, and > any system for key material distribution will need to accomodate > many different trust models. If it is to be successful it cannot > impose any trust models on its users. The best it can do is to > provide a variety of methods by which a client might verify a > principal's credentials, and let the client decide which one > he/she/it trust for his/her/its particular application. > > And due to several limitations, I think it's going to be very > difficult to cram all of this into DNS. > > Keith > >