Public Key Infrastructure
All of the identification systems presented in the previous section share a common flaw: they allow people to create private relationships between themselves and a particular computer system, but they don’t allow these relationships to be framed within the context of a larger society. They are all private identification systems, not public ones.
For example, say that Jonathan Marshall enrolls with a nationwide
online service and creates an email account. When he creates the
account, he gets a username, jonathan, and a
password, deus451. Whenever Jonathan wishes to
pick up his email, he uses his password to prove his identity. He
might even create a private key to prove his identity, and give his
online service a copy of his public key.
Now imagine that Jonathan loses his password. He can always go back
to the nationwide service and create a new username,
jmarshall, and a new password,
excom3.0. But how does Jonathan convince the
people he has been exchanging email with that jonathanand jmarshall are actually the same
person?
One way that Jonathan could try to prove his identity would be for him to email his telephone number to his friends, and ask them to call him. This might work for people who had heard Jonathan’s voice. Others, though, would have no way of knowing if Jonathan’s voice really belonged to Jonathan or belonged to an imposter. This technique also wouldn’t work if Jonathan was in the habit of posting in public forums: if there were thousands ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access