Trusted third party
==Actual practice==
How to arrange for (trustable) third parties of this type is an unsolved problem.<ref>{{cite book | doi=10.1007/978-3-642-33448-1_12 | chapter=Cryptographic Dysfunctionality-A Survey on User Perceptions of Digital Certificates | title=Global Security, Safety and Sustainability & e-Democracy | series=Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering | date=2012 | last1=Zissis | first1=Dimitrios | last2=Lekkas | first2=Dimitrios | last3=Koutsabasis | first3=Panayiotis |editor1=Georgiadis, C.K. |editor2=Jahankhani, H. |editor3=Pimenidis, E. |editor4=Bashroush, R. |editor5=Al-Nemrat, A. | volume=99 | pages=80–87 | isbn=978-3-642-33447-4 |publisher=Springer |location=Berlin, Heidelberg}}</ref> So long as there are motives of greed, politics, revenge, etc., those who perform (or supervise) work done by such an entity will provide potential loopholes through which the necessary trust may leak. The problem, perhaps an unsolvable one, is ancient and notorious. That large impersonal corporations make promises of accuracy in their attestations of the correctness of a claimed public-key-to-user correspondence (e.g., by a [[certificate authority]] as a part of a [[public key infrastructure]]) changes little.

As in many environments, the strength of trust is as weak as its weakest link. When the infrastructure of a ''trusted'' CA is breached, the whole chain of trust is broken. The 2011 incident at [[certificate authority|CA]] [[DigiNotar]] broke the trust of the Dutch government's [[public key infrastructure|PKI]], and is a textbook example of the system's weaknesses and their effects.<ref>Guardian: [https://www.theguardian.com/technology/2011/aug/30/faked-web-certificate-iran-dissidents Rogue web certificate could have been used to attack Iran dissidents], visited 11 September 2011</ref> As [[Bruce Schneier]] has pointed out, after the [[2013 mass surveillance disclosures]], no third party should in fact ever be trusted.

The [[Pretty Good Privacy|PGP]] cryptosystem includes a variant of the TTP in the form of the [[web of trust]]. PGP users digitally sign each other's certificates and are instructed to do so only if they are confident the person and the public key belong together. A [[key signing party]] is one way of combining a get-together with some certificate signing. Nonetheless, doubt and caution remain sensible, as nothing prevents some users from being careless in signing others' certificates.

Trusting humans, or their organizational creations, can be risky. For example, in financial matters, bonding companies{{clarify|what are they?|date=April 2023}} have yet to find a way to avoid losses in the real world.{{clarify|how is this relevant to the main topic?|date=April 2023}}{{Citation needed|date=April 2023}}
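The web-of-trust caveat above (one careless signer is enough to validate a key nobody checked) can be seen in a small model. This is an added example, not part of the original article and not PGP's own code: the thresholds are assumed from GnuPG's classic trust-model defaults, and the key names and signatures are constructed.

```python
# Simplified web-of-trust validity model (added example, not PGP's actual code).
# Thresholds follow GnuPG's classic defaults; names and signatures are constructed.
from collections import defaultdict

FULL, MARGINAL = "full", "marginal"
COMPLETES_NEEDED = 1  # one signature from a fully trusted signer suffices
MARGINALS_NEEDED = 3  # or three from marginally trusted signers
MAX_DEPTH = 5         # longest signature chain followed from our own key


def valid_keys(me, signatures, ownertrust):
    """Return {key: chain depth} for keys accepted as valid from `me`'s view.

    signatures: (signer, signed) pairs; ownertrust: how far `me` trusts each
    key owner to check identities before signing.
    """
    signed_by = defaultdict(set)
    for signer, signed in signatures:
        signed_by[signed].add(signer)
    valid = {me: 0}
    for depth in range(1, MAX_DEPTH + 1):
        newly = {}
        for key, signers in signed_by.items():
            if key in valid:
                continue
            usable = [s for s in signers if s in valid]  # ignore unvalidated signers
            full = sum(s == me or ownertrust.get(s) == FULL for s in usable)
            marginal = sum(ownertrust.get(s) == MARGINAL for s in usable)
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                newly[key] = depth
        if not newly:
            break
        valid.update(newly)
    return valid


# Constructed sample: alice verified bob and carol herself; bob checked dave's
# identity, carol signed a second key claiming to be dave without checking.
SIGNATURES = [("alice", "bob"), ("alice", "carol"),
              ("bob", "dave_checked"), ("carol", "dave_unchecked")]

if __name__ == "__main__":
    for carol_trust in (FULL, MARGINAL):
        trust = {"bob": FULL, "carol": carol_trust}
        print(carol_trust, sorted(valid_keys("alice", SIGNATURES, trust)))
```

With carol fully trusted, the unchecked key is accepted on her word alone; lowering her to marginal trust keeps it out until three such signers agree, which limits but does not remove the effect of careless signing.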