Re: [TLS] EU cards

Nikos Mavrogiannopoulos <> Fri, 29 July 2011 09:00 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id A1F1C21F84F6 for <>; Fri, 29 Jul 2011 02:00:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.977
X-Spam-Status: No, score=-2.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id c++7Ydjccprv for <>; Fri, 29 Jul 2011 02:00:54 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id A814321F8A6C for <>; Fri, 29 Jul 2011 02:00:54 -0700 (PDT)
Received: by pzk6 with SMTP id 6so5660026pzk.26 for <>; Fri, 29 Jul 2011 02:00:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=EVMW4wjBrweNfJl7TG5swEYdJ/X9aG+rl0zMoWbQtjA=; b=ex1zBYmW4hACtZy56SQZfrhe9sB+GjvM8pAOYvDl4aOd0ahusZ5D5Od473xc0qmW4z YkniJwBkKm3JYz5xAzW5dXsQ1pxXnoHAok+gQtfPJRh41zGG56kZzWSlimiw9YwJhgx6 VrSE/B3UTEJd2RsJTVunSuMayvvby756fUVxg=
MIME-Version: 1.0
Received: by with SMTP id j1mr1652054pbc.384.1311930054198; Fri, 29 Jul 2011 02:00:54 -0700 (PDT)
Received: by with HTTP; Fri, 29 Jul 2011 02:00:54 -0700 (PDT)
In-Reply-To: <>
References: <> <> <>
Date: Fri, 29 Jul 2011 11:00:54 +0200
X-Google-Sender-Auth: jOan4tJbOiEAAj1HArCHvMHAbEo
Message-ID: <>
From: Nikos Mavrogiannopoulos <>
To: Henry Story <>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Subject: Re: [TLS] EU cards
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 29 Jul 2011 09:00:55 -0000

On Fri, Jul 29, 2011 at 10:00 AM, Henry Story <> wrote:
> My take from this whole discussion is that PKI has been sold to unilaterally to one group of people. It has been sold to large banks and security heavy industries. They tend to make things more complicated, and their security people are too security conscious, having to deal with the most determined enemies. A good security profession in banks MUST like a good military man, be far from the daily family life. He is there to think about disasters, so that they don't happen, so that nobody should think about them.
> That is what offers. Start with the low hanging problems: passwords. Then move on to add technology piece by piece to move up the security ladder.  This is the way technology works. Microsoft started with DOS and moved its way up to more and more secure versions of Windows - whatever you think of their OS you can't deny that that was a very successful strategy.

If you are referring to PKI as in PKIX (X.509) then banks had nothing
to do with it. Banks had their own set of standards that never took
off. PKIX was based on a telecommunications standard, that evolved
over the years as DOS in your example did. Many people think that this
was a sucessful strategy as well, and some others think it is just