Pragmatics: Identifying Principals

• Digital Certificates alone arenít trustworthy

  • [Kohnfelder78] introduced Certification Authorities

• CA Utility is proportional to its reach

  • Clearinghouse simplifies group-membership

• ... But its power is inversely related

  • The further up the pyramid, the greater the liability

• Unprincipled compared to PGP/SPKI/SDSI:

  • Identity certificates are not specific about authorization
  • Hierarchy ends in God, not self
  • Logistical difficulties of updating global revocation lists

Previous slide

Next slide

Back to first slide

View graphic version