[Discuss] root CA bloat
Richard Pieri
richard.pieri at gmail.com
Tue Nov 25 14:52:47 EST 2014
On 11/25/2014 1:15 PM, Derek Martin wrote:
> Let's say I meet you on the street, and you tell me you are Steven
> Smith, and produce very good fake ID to that effect. As it happens
> (in this scenario) I am exceptionally good at spotting fake ID. I
> prove that your ID is fake. This does not prove to me who you are--it
> only proves to me one identity whom you are not.
It proves that I'm that particular guy you met on the street. You may
not know my real identity but you still have a piece of information -- a
fingerprint if you will -- that is uniquely mine. If that fingerprint is
used then you know that it's the guy you met on the street with Steven
Smith fake ID #32. That's all you need if you want to communicate with
fake Steven Smith #32.
At which point a web of trust or hybrid web and chain can be used if you
need more than that. It's not an unsolvable problem. It's already been
solved: social networks. What is your friends list on Facebook? It's a
web of trust. What is a "like" on Facebook? It's someone in your web of
trust endorsing some bit of information that you will see in your news
feed given enough endorsements.
--
Rich P.
More information about the Discuss
mailing list