... I think what's being referred to in most cases when the term PKI is used isn't any kind of infrastructure but a utopia in which all security problems are ...
945
Carl Ellison
cme@...
Jun 7, 2001 11:52 am
... Hash: SHA1 ... I like the term Trust Management, and liked it when [BFL] came up with it, but I have had a problem with the use of the word "Trust" for...
946
Carl Ellison
cme@...
Jun 7, 2001 11:53 am
... Hash: SHA1 ... Liability management is another good thing and I don't see enough written about it. I don't think we address it, however. ... Amen,...
947
Carl Ellison
cme@...
Jun 7, 2001 11:54 am
... Hash: SHA1 ... Peter, that's a great thought. When you remember what that paper is, can you send the pointer to the list? - Carl ... Version: PGP 6.5.2 ...
... Hash: SHA1 ... I like your definition of infrastructure, here. That's one that I use to describe my own activities. I especially like your use of...
951
Carl Ellison
cme@...
Jun 7, 2001 12:14 pm
... Hash: SHA1 ... Ah yes, Directory. This is X.500 in sheeps clothing. Or maybe the Devil, in some sweet disguise. I have a great sermon by a retired bishop...
952
James A. Rome
jar@...
Jun 7, 2001 1:01 pm
Carl, Bob, and others, I too have become increasingly disappointed in the application of certificates to authentication and authorization. As Carl pointed out...
953
Peter Gutmann
pgut001@...
Jun 7, 2001 3:03 pm
... There's actually a variety of subclasses here, from my crypto tutorial: Types of trust Blind trust Sometimes the only option, eg emergencies Swift trust ...
954
Carl Ellison
cme@...
Jun 7, 2001 3:57 pm
... Hash: SHA1 ... Actually, that third one might better be called "psychotic trust", now that I think about it. Isn't that someone's definition of a...
955
David P. Kemp
dpkemp@...
Jun 7, 2001 4:07 pm
James, What is the cause of the disappointment? That DOE has not attempted to apply certificates to authorization, or that it has made a serious, thoughtful...
956
James A. Rome
jar@...
Jun 7, 2001 5:12 pm
Let's assume that I use out of band information. The problem is that I in the Collaborative Domain (CD) have certain policies that I want to enforce, and the...
957
Tony Bartoletti
azb@...
Jun 7, 2001 6:18 pm
... This suggests that "Capability Management System" or Infrastructure is also an accurate description for that which SPKI supports. Perhaps this is why ...
958
Bill Frantz
frantz@...
Jun 7, 2001 6:40 pm
... Peter may be thinking about a discussion on the E Language list. Some of the references are: ...
959
Carl Ellison
cme@...
Jun 8, 2001 12:57 am
... Hash: SHA1 Jim, this is a great discussion. As usual, Dave is almost 100% on the money. The one place I disagree with him is at the end of his message. I...
960
James A. Rome
jar@...
Jun 8, 2001 1:24 pm
Since I am in a non-defense lab, we do not do (much) classified work, and do not have secure computers with MAC. :-(( I have often longed for something like a...
961
Carl Ellison
cme@...
Jun 8, 2001 2:22 pm
... Hash: SHA1 ... You're right, it's possible to put great enforcement into the programming language, if you have an interpreted language and it's designed...
962
Tony Bartoletti
azb@...
Jun 8, 2001 6:08 pm
... [snip] ... I do agree. The point was whether "to trust" = "to rely upon". It tends to be so in the hypothetical, but although you might not trust that...
963
Pornthep Narula
tep@...
Jun 8, 2001 7:15 pm
... [...] ... [...] ... i guess we could choose to either 1) continue debating and try to reach a closed-group consensus on the definitions of these...
964
Pornthep Narula
tep@...
Jun 8, 2001 10:28 pm
... Aso, Neville Holmes recently brought up terminology standards issue on his 'The Profession' column in the IEEE Computer May 2001 issue titled 'The Great ...
965
Tony Bartoletti
azb@...
Jun 8, 2001 10:47 pm
Pornthep, First, thanks for the dictionary link! Some comments below. ... It is always a bit of both. ... The problem with most dictionaries is that they are...
966
Martin Smith
mfsmith@...
Jun 9, 2001 12:56 am
Well, then this suggests a time element (as in net present value of the negative future harm.) I'm not actually going anywhere with this thought . .. but it...
967
Tony Bartoletti
azb@...
Jun 9, 2001 1:36 am
... Good point. We often toss probabilities around in formulas, and don't include at least one of "per unit time", or "per event, per transaction", or some...
968
R. A. Hettinga
rah@...
Jun 9, 2001 1:51 am
... Finance, boys and girls. Finance. ... Cheers, RAH (Carl says this all the time. It's true. :-)) -- ... R. A. Hettinga <mailto: rah@...> The Internet...
969
Niels Möller
nisse@...
Jun 9, 2001 1:35 pm
... I think the defining component of psychosis is a distorted perception of reality. If I'm psychotic, I might honestly believe that I am Elvis Presley and ...
970
Ng Pheng Siong
ngps@...
Jun 9, 2001 4:26 pm
... Hi, There is a project called Akenti, which is ... calling trusted assistant Mr Google ... ah, here it is: http://www-itg.lbl.gov/security/Akenti/ <blurb>...
971
James A. Rome
jar@...
Jun 9, 2001 5:16 pm
I am well aware of Akenti. The main problem it solves is stakeholder's rights, but aside from allowing or disallowing access to a resource, Akenti has no...
972
Pornthep Narula
tep@...
Jun 10, 2001 11:57 pm
... my pleasure! ... unfortunately, we (in general) seems to have been doing much of the former and too little of the latter.... ... i agree that traditional...
973
Peter Gutmann
pgut001@...
Jul 5, 2001 4:55 am
... I've found the paper, it's "Why Isn't Trust Transitive" by Bruce Christianson and William Harbison, proceedings of the (first) Security Protocols Workshop,...
