@Acer because you're still the one who generates the CA and sends it to some CA issuer that could vouch for your CA.
generate the ca or generate the cert?
Central Authority should not be the person awaiting trust
Certificate should be generated by the Central Authority, not the user.
> Issuer can vouch your...
Isn't the issuer the PKI?
@Acer ah yes, I must be mixing things up a bit.
I always refer to a certificate as "CA".
Central Authority is just them vouching for your key
Look at my original question.
I knew they might be able to vouch people's public key.
My question is how.
@Acer well. I can put my public key fp and then upload my photos later with me mentioning it on a paper.
That's one way.
What is fp
The keypoint here seems to be the paper.
Why not just mention public key in the paper
@Acer well. Because fingerprints are unique. You can't generate a key with the same fingerprint twice, and that I think is enough for a method of proof.
But that needs a vouch for the fingerprint first instead of the public key
If you can do the fingerprint vouch first, basically you don't need PKI
@Acer
You still need it if your key is meant to be used as your main way to connect with people.
Are you satisfied with only one person trusting you? Are people gonna think the same as you?
And that's why PKI makes everything easier.
you can just use your key with your fingerprint
Your public key can be public without PKI
PKI makes things easier, possibly not due to the fingerprint
@Acer
> you can...
...without pki.
Yes, you can always do that. But wouldn't it also serve the same purpose as using PKI too? I mean, both ways you upload your key fp or public key content anyway.
> PKI makes things easier...
... Fingerprint.
Yes. It makes things such as vouching so much easier.
Uploading the fp might not be the standard way.
PKI can't vouch for the fp more easily than vouch for the key
@Acer well. Since you upload your key to a key server, your need to share your key to someone is not an issue. They can always pull it from the server.
And instead of uploading your public key to your social media as a method of proof that you own the key after putting it on keyserver.
You can just write your fingerprint and take photos with you holding it.
It's just convenient. Since you can't generate a key with the same fingerprint twice (if it meets the current standard).
they are more like alternative ways.
@Acer ofc! The key point is trust (if you only exchange your key to one person only) and WOT.
key concept is trust.
But I need more on protocol rather than concept
@Acer you can't have a fixed protocol for asymmetrical encryption, it always changes as computing power gets buffed over time, at least that's the current limitation for asymmetrical encryption. (Well, maybe because it's asymmetrical in the first place?)
I found one
https://en.wikipedia.org/wiki/X.509
I'm not sure
@Acer are you talking about web encryption?
nope
pk cert
but the web widely uses PKI
If you look at the certs of websites like twitter or amazon
@Acer in the SSL context. You can always generate your own SSL key and then issue it to an SSL certification company, or you can have them generate it and get automatically certified.
Have you visited nanochan? Their whole network uses SSL but they didn't issue their key to a certs company.
Their web is one example of how an SSL key and certs can be fully generated without an issuer.
But again, how can you be so sure it's not some malicious person trying to take over their site when they also generate and sign their own certificate.
And that's where an SSL company comes in handy.
@deesapoetra
They are examples for using pki
Though they also apply other encryptions