That would be one way to do it. But I think he was thinking of a more centralized approach.<br>
<br>
IIRC, there are centralized and decentralized models. PGP uses a
decentralized model, where people who know each other sign each other's
PGP keys. For example, if you and I sign each other's keys, then I
can vouch for you being who your key says you are, and vice
versa. This model scales very well, since it has been calculated
that within a 'span of five', one can reach almost everyone on the
planet. You know me with a span of one (from you to me), and you
know my parents with a span of two (from you to me, and then to my
parents), etc. This model is very robust against attacks since
each link stands by itself.<br>
<br>
Centralized models have a central registration server that issues
certificates, and are easier to set up, but have a single point of
failure, plus the whole network can be compromised with a successful
attack on the registration server, which can bring down the entire
network of credentials. Servers can be attacked with computers,
or their owners can be attacked physically, by mafia, law enforcement,
etc.<br>
<br>
Certificate Authorities are favored by governments, whereas
decentralized models are favored by egalitarian communities. Both
work, but whom do you trust more: governments or colleagues?<br>
<br>
I favor the decentralized approach because it is so much more robust
against attacks, and also avoids centralization of power with its
grassroots community structure.<br><br><div><span class="gmail_quote">On 10/18/05, <b class="gmail_sendername">Tzafrir Cohen</b> &lt;<a href="mailto:tzafrir@cohens.org.il">tzafrir@cohens.org.il</a>&gt; wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On Tue, Oct 18, 2005 at 06:48:05PM -0400, Dave Grey wrote:<br>><br>> On Oct 18, 2005, at 4:44 PM, trixter aka Bret McDanel wrote:<br>> ><br>> >While I appreciate the problems Matthew is going through, this is a
<br>> >complex issue, and one that has plagued the net for a long time.<br>> >How do<br>> >you authenticate random people on the internet as 1. unique and 2. as<br>> >themselves?<br>><br>> Could
X.509 help here? It is a lot of added overhead, for sure, but<br>> if someone were to create an asterisk-community CA and implement a<br>> "web of trust" model... *shrug*.<br><br>you mean: send an email message at registration time and require that
<br>the reply is signed by a "respectable" PGP key?<br><br>--<br>Tzafrir Cohen | <a href="mailto:tzafrir@jbr.cohens.org.il">tzafrir@jbr.cohens.org.il</a> | VIM is<br><a href="http://tzafrir.org.il">http://tzafrir.org.il
</a>
|
| a Mutt's<br><a href="mailto:tzafrir@cohens.org.il">tzafrir@cohens.org.il</a>
|
| best<br>ICQ#
16849755
|
| friend<br>_______________________________________________<br>Asterisk-Users mailing list<br><a href="mailto:Asterisk-Users@lists.digium.com">Asterisk-Users@lists.digium.com</a><br><a href="http://lists.digium.com/mailman/listinfo/asterisk-users">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br></blockquote></div><br>
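<br>
Added example, not part of the original message or thread: a small model of the two trust structures discussed above, computing which keys a verifier can still validate within a given span after one signer is compromised. The names, the signature graphs and the helper functions are all constructed for illustration.<br>

```python
from collections import deque


def trusted_keys(signatures, verifier, max_span=5, compromised=frozenset()):
    """Return {key: span} for every key the verifier can reach through a
    chain of signatures no longer than max_span, skipping compromised keys."""
    spans = {verifier: 0}
    queue = deque([verifier])
    while queue:
        signer = queue.popleft()
        if spans[signer] == max_span:
            continue  # chain is already as long as allowed
        for signed in sorted(signatures.get(signer, ())):
            if signed in compromised or signed in spans:
                continue  # a compromised key is not trusted and vouches for no one
            spans[signed] = spans[signer] + 1
            queue.append(signed)
    del spans[verifier]
    return spans


def lost_after_compromise(signatures, verifier, victim):
    """Keys the verifier could validate before `victim` was compromised
    but cannot validate afterwards (the victim itself is excluded)."""
    before = set(trusted_keys(signatures, verifier))
    after = set(trusted_keys(signatures, verifier, compromised={victim}))
    return sorted(before - after - {victim})


# Constructed sample data: signer -> keys that signer has signed.
WEB_OF_TRUST = {
    "alice": {"bob", "carol"},
    "bob": {"carol", "dave"},
    "carol": {"dave", "erin"},
    "dave": {"erin"},
}
# Centralized model: alice trusts the CA, and the CA certifies everyone.
CENTRAL_CA = {
    "alice": {"ca"},
    "ca": {"bob", "carol", "dave", "erin"},
}

if __name__ == "__main__":
    print(trusted_keys(WEB_OF_TRUST, "alice"))
    print(lost_after_compromise(WEB_OF_TRUST, "alice", "bob"))
    print(lost_after_compromise(CENTRAL_CA, "alice", "ca"))
```

In this constructed graph, losing one signer in the web of trust costs the verifier nothing because a second chain exists, while losing the CA costs every certificate it issued.<br>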