[db-wg] Re: [ncc-services-wg] X.509 authentication in the RIPE Database

On onsdag, jul 16, 2003, at 16:28 Europe/Stockholm, Randy Bush wrote:

> so i am supposed to install the RIRs' certs in my browser as root
> CAs and ignore the big hole for attack this opens?  i already
> *remove* a bunch of root CAs when i bring up a new browser.  this
> is the new internet.  get paranoid.
>
> let the RIRs spend a few of the bucks they have getting their certs
> signed by a well-trusted root CA.

It all depends on who you trust.

If I personally am to communicate with someone, I want to have that 
other party give me via in-real-life-communication his fingerprint for 
his PGP key (and vice versa). Then we have the trust relationship 
needed. I can further in all PGP implementations I have seen say "I do 
_NOT_ trust this other party as one which introduces others (I trust 
him, but not keys he sign). I have not seen you can do that with 
X.509/SSL.

This which Randy point out is very important, as with X.509 you always 
need a third party. There are good reason why the RIR should get their 
cert from a "real" CA, but then both the RIR and the customer need to 
trust this third party. Do we trust the third party more than the RIR?

    paf