Pragmatics: Identifying Principals
Digital Certificates alone arenít trustworthy
- [Kohnfelder78] introduced Certification Authorities
CA Utility is proportional to its reach
- Clearinghouse simplifies group-membership
... But its power is inversely related
- The further up the pyramid, the greater the liability
Unprincipled compared to PGP/SPKI/SDSI:
- Identity certificates are not specific about authorization
- Hierarchy ends in God, not self
- Logistical difficulties of updating global revocation lists