To: Derek Atkins <derek@ihtfp.com>
cc: Keith Moore <moore@cs.utk.edu>, "John Stracke" <jstracke@incentivesystems.com>, Key Distribution <keydist@cafax.se>
From: Keith Moore <moore@cs.utk.edu>
Date: Wed, 12 Jun 2002 18:30:53 -0400
In-reply-to: (Your message of "12 Jun 2002 18:18:57 EDT.") <sjmk7p43zu6.fsf@kikki.mit.edu>
Sender: owner-keydist@cafax.se
Subject: Re: Global PKI on DNS?

> > and also provided people don't say "hey, now there's a PKI, so I really can
> > trust it!"
>
> Are people saying that with existing PKIs? Regardless, is that really
> a technical problem with a technical solution? Or is it a
> social/educational problem with a social/educational solution? Keep
> in mind how bad it is to try to cross solution-spaces.

I don't think it's productive to try to completely separate the two, as they go hand-in-hand. Many security problems stem from mis-application of and/or investing too much trust in security technologies. Depending on how you look at this, this could either be a technical problem (the technology doesn't meet the requirements) or an educational problem (the limitations of the technology should have been respected).

Realistically, I think we need to recognize that people will want to be able to invest a lot of trust in something that looks like a global PKI - especially since the global PKI has long been a sort of Holy Grail that would someday save us all when it was finally discovered.

If what is being proposed is not that trustworthy, and assuming that a technology that meets some lesser goal is worth implementing for its own sake (it's not clear to me at this point) then it would be a good idea to find a better way to market it. Otherwise it will be deemed a failure either because people were expecting a global PKI and we didn't deliver, or because people tried to place more trust in it than was warranted and got burned. Neither of these seems to promote security.

Sadly, I don't think that engineering efforts on things that will affect large numbers of users can ignore public perception and still be successful.

Keith