[OpenID] Failure of PKI

Ka-Ping Yee openid at zesty.ca
Tue Jan 23 00:56:30 UTC 2007


On Mon, 22 Jan 2007, Hallam-Baker, Phillip wrote:
> SSL achieves the original security goals set for it.
>
> SSL does not achieve every security goal, that is not a failure.
> Certainly there are no grounds for the claim PKI has failed when
> it has succeeded in its original limited goals.

You appear to be making the claim that PKI has been successful.
I'm asking for the grounds for your claim.

SSL and PKI are not the same thing; the widespread adoption of SSL
does not imply that PKI has achieved its goals.  To back up your
claim, could you state what you believe PKI is supposed to achieve,
and how you know that it has been successful at achieving that?

As far as I know, the goal of PKI is to establish a party's identity.
But SSL, the application of PKI that you highlight as a success story,
fails to prevent impersonation.  That to me is a failure of PKI.

Did you have a different goal in mind?


-- ?!ng



More information about the general mailing list