[Asterisk-Users] free dids on goiax.com
John Wenger
netskier at gmail.com
Tue Oct 18 17:45:39 MST 2005
That would be one way to do it. But I think he was thinking of a more
centralized approach.
IIRC, there are centralized and decentralized models. PGP uses a
decentralized model, where people who know each other sign each others pgp
keys. For example, if you and I sign each others keys, then I can vouch for
you being who your key says you are, and vice versa. This model scales very
well, since it has been calculated that within a 'span of five', one can
reach almost everyone on the planet. You know me with a span of one (from
you to me), and you know my parents with a span of two (from you to me, and
then to my parents), etc. This model is very robust against attacks since
each link stands by itself.
Centralized models have a central registration server that issues
certificates, and are easier to set up, but have a single point of failure,
plus the whole network can be compromised with a successful attack on the
registration server, which can bring down the entire network of credentials.
Servers can be attacked with computers, or their owners can be attacked
physically, by mafia, law enforcement, etc.
Certificate Authorities are favored by governments, whereas decentralized
models are favored by egalitarian communities. Both work, but whom do you
trust more: governments or colleagues?
I favor the decentralized approach because it is so much more robust against
attacks, and also avoids centralization of power with its grassroots
community structure.
On 10/18/05, Tzafrir Cohen <tzafrir at cohens.org.il> wrote:
>
> On Tue, Oct 18, 2005 at 06:48:05PM -0400, Dave Grey wrote:
> >
> > On Oct 18, 2005, at 4:44 PM, trixter aka Bret McDanel wrote:
> > >
> > >While I appreciate the problems Matthew is going through, this is a
> > >complex issue, and one that has plagued the net for a long time.
> > >How do
> > >you authenticate random people on the internet as 1. unique and 2. as
> > >themselves.
> >
> > Could x.509 help here? It is a lot of added overhead, for sure, but
> > if some one were to create an asterisk-community CA and implement a
> > "web of trust" model... *shrug*.
>
> you mean: send an email message at registration time and require that
> the reply is signed by a "respectable" PGP key?
>
> --
> Tzafrir Cohen | tzafrir at jbr.cohens.org.il | VIM is
> http://tzafrir.org.il | | a Mutt's
> tzafrir at cohens.org.il | | best
> ICQ# 16849755 | | friend
> _______________________________________________
> --Bandwidth and Colocation sponsored by Easynews.com <http://Easynews.com>--
>
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20051018/2eee8bba/attachment.htm
More information about the asterisk-users
mailing list