Transport-level encryption with Tcpcrypt
Posted Sep 4, 2010 4:52 UTC (Sat) by zooko (guest, #2589)
ssh's model which Peter Gutmann calls the "baby-duck" model or "key continuity"
Web of Trust by Phil Zimmermann
The FreeS/WAN project by John Gilmore, Hugh Daniel et al., known as "Opportunistic Encryption".
The Capability Access Control model:
Zooko's Triangle and Pet Names:
(Those last three are self-citations.)
The overall theme here is that the good ideas about robust decentralized security came originally from systems researchers and hackers, not from cryptographers. Cryptographers traditionally focused on elegant mathematical models and (with almost no explicit justification) they settled on the globe-spanning, centralized, hierarchical security model that we all know and love today as "PKI".
Posted Sep 6, 2010 3:20 UTC (Mon) by zooko (guest, #2589)
Carl Ellison. Establishing Identity Without Certification Authorities. In Proc. Sixth USENIX Security Symposium, pages 6776, Berkeley, 1996. Usenix.
Again, this is a fellow who is basically a systems researcher, not a cryptographer as such (he has no publications in crypto theory to my knowledge), and he was publishing good ideas along these lines back in '96.
Oh, and of course Ron Rivest was doing a very similar thing in '96: http://people.csail.mit.edu/rivest/sdsi10.html
So there's the first example I can come up with of a bona fide cryptographer giving us something more robust and decentralized than the PKI model.
Posted Sep 6, 2010 3:26 UTC (Mon) by zooko (guest, #2589)
Matt Blaze, Joan Feigenbaum, and Jack Lacy. Decentralized trust management. In Proceedings 1996 IEEE Symposium on Security and Privacy, page (to appear), May 1996.
Also real cryptographers.
But I should emphasize that while SDSI and to a lesser extent PolicyMaker were influential, these were exceptions to the centralized hierarchical PKI model that dominated cryptography, and they were too late. By 1996 the damage had already been done when Netscape engineers baked the PKI model into their socket encryption protocol, SSL.
Posted Sep 6, 2010 3:27 UTC (Mon) by zooko (guest, #2589)
Okay I'm definitely going to stop following-up to myself now. :-)
Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds