
Re: editorial on Photuris



-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 4,MIC-CLEAR
Content-Domain: RFC822
Originator-Certificate:
 MIIBvzCCAWkCEFmOln6ip0w49CuyWr9vDVUwDQYJKoZIhvcNAQECBQAwWTELMAkG
 A1UEBhMCVVMxGDAWBgNVBAoTD1NlY3VyZVdhcmUgSW5jLjEXMBUGA1UECxMOU2Vj
 dXJlV2FyZSBQQ0ExFzAVBgNVBAsTDkVuZ2luZWVyaW5nIENBMB4XDTk1MDUwODIw
 MjMzNVoXDTk3MDUwNzIwMjMzNVowcDELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1Nl
 Y3VyZVdhcmUgSW5jLjEXMBUGA1UECxMOU2VjdXJlV2FyZSBQQ0ExFzAVBgNVBAsT
 DkVuZ2luZWVyaW5nIENBMRUwEwYDVQQDEwxDaGFybGVzIFdhdHQwWTAKBgRVCAEB
 AgICBANLADBIAkEM2ZSp7b6eqDqK5RbPFpd6DGSLjbpHOZU07pUcdgJXiduj9Ytf
 1rsmf/adaplQr+X5FeoIdT/bVSv2MUi3gY0eFwIDAQABMA0GCSqGSIb3DQEBAgUA
 A0EApEjzeBjiSnGImJXgeY1K8HWSufpJ2DpLBF7DYqqIVAX9H7gmfOJhfeGEYVjK
 aTxjgASxqHhzkx7PkOnL4JrN+Q==
MIC-Info: RSA-MD5,RSA,
 AvLciATbk4mV7/EpUcDsscG1TV3xO3iodlu+VvoJp6PmyoEW0ApR0mGjgJvGvOwn
 0c85EO8nXZTPp1oZ1zSfuvI=

> 
> 
> Stephen Kent writes:
> >         I respectfully disagree with your conclusions re use of PGP
> > certificates with Photuris.  While PGP is the most widely used secure email
> > protocol in the Internet, its use is not all that widespread in the "grand
> > scheme of things."
> 
> Steve;
> 
> I would suggest that X.509 certificates are also not widespread in the
> "grand scheme of things" and require a horrifying X.500 infrastructure
> for real world use -- an infrastructure that most people are unwilling
> to deploy -- and require the use of distinguished names which, for
> better or worse, have proven unacceptable to the internet
> community.

...

> 
> Perry

Perry:

The use of X.509 certificates in no way requires an X.500 infrastructure.
Nor do DNs ever have to be presented at the user or 
application level.  For a very clean solution to the problem check out our 
HannaH product at http://www.secureware.com/.

But as I've previously stated, this argument is being made out of turn.
Photuris can be completely specified to support user level keying without
any mention of PGP, X.509 or any other mechanism for binding a "name" to
a key.  Let's fix it first so it provides the support we need, advance it
along the standards track, and then have the naming/certification Jihad.

Support for user level keying should be a straightforward extension to
what is currently present in the spec.  Rather than a single identification
field, have two, one identifying the local principal, one identifying the
remote principal, if known.  If the semantics are properly defined, the
remote identification field could:

	- name the targeted principal
	- specify something more vague, such as "the principal on port #"
	- be absent, defaulting to the current behaviour of implying that the
		principal is the remote host.

Charles Watt
SecureWare
-----END PRIVACY-ENHANCED MESSAGE-----
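As an added illustration, not part of Charles Watt's message or of the Photuris specification, the following Python model shows how a responder could handle the two-field identification proposal above: a local principal field that is always present, and a remote principal field that may name a principal, may say "the principal on port N", or may be absent (defaulting to the remote host). The TLV layout, the `port:N` spelling, and the key tables are all assumptions constructed for this example; the point is the three-way resolution and the refusal of identifications the responder cannot bind to a key it holds.

```python
"""Model of a two-field identification payload (local + optional remote principal).

Constructed example: the wire layout (1-byte type, 2-byte length, value) and
the "port:N" spelling are assumptions, not the Photuris wire format.
"""
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

TYPE_LOCAL = 1   # identifies the sender's own principal (always present)
TYPE_REMOTE = 2  # identifies the principal the sender wants to reach (optional)

# Constructed sample key tables as a responder on host "gw.example.com" might hold them.
# Key material is placeholder bytes, not real keys.
HOST_KEYS: Dict[str, bytes] = {"gw.example.com": b"host-key-gw"}
USER_KEYS: Dict[str, bytes] = {
    "alice@example.com": b"user-key-alice",
    "bob@example.com": b"user-key-bob",
}
# Which user-level principal is bound to which local port (constructed).
PORT_PRINCIPALS: Dict[int, str] = {25: "bob@example.com", 443: "alice@example.com"}


class IdentificationError(ValueError):
    """Raised when an identification payload is malformed or cannot be bound to a key."""


@dataclass(frozen=True)
class Identification:
    local: str                    # who the sender claims to be
    remote: Optional[str] = None  # None means "the remote host" (current default behaviour)


def _tlv(field_type: int, value: str) -> bytes:
    raw = value.encode("utf-8")
    return struct.pack("!BH", field_type, len(raw)) + raw


def encode(ident: Identification) -> bytes:
    """Serialise the two fields; the remote field is simply omitted when absent."""
    out = _tlv(TYPE_LOCAL, ident.local)
    if ident.remote is not None:
        out += _tlv(TYPE_REMOTE, ident.remote)
    return out


def decode(data: bytes) -> Identification:
    """Parse the payload, rejecting truncation, duplicates and unknown field types."""
    fields: Dict[int, str] = {}
    pos = 0
    while pos < len(data):
        if len(data) - pos < 3:
            raise IdentificationError("truncated field header")
        field_type, length = struct.unpack_from("!BH", data, pos)
        pos += 3
        if len(data) - pos < length:
            raise IdentificationError("truncated field value")
        if field_type not in (TYPE_LOCAL, TYPE_REMOTE):
            raise IdentificationError(f"unknown field type {field_type}")
        if field_type in fields:
            raise IdentificationError(f"duplicate field type {field_type}")
        fields[field_type] = data[pos:pos + length].decode("utf-8")
        pos += length
    if TYPE_LOCAL not in fields or not fields[TYPE_LOCAL]:
        raise IdentificationError("missing local identification")
    return Identification(fields[TYPE_LOCAL], fields.get(TYPE_REMOTE))


def resolve_remote(ident: Identification, responder_host: str,
                   port_map: Dict[int, str] = PORT_PRINCIPALS,
                   user_keys: Dict[str, bytes] = USER_KEYS,
                   host_keys: Dict[str, bytes] = HOST_KEYS) -> Tuple[str, bytes]:
    """Map the remote identification field to (principal, key) on the responder side.

    Three cases, as in the proposal: absent -> the host itself; "port:N" -> whichever
    principal is bound to local port N; anything else -> a named principal.
    """
    remote = ident.remote
    if remote is None:
        if responder_host not in host_keys:
            raise IdentificationError("responder holds no host key")
        return responder_host, host_keys[responder_host]
    if remote.startswith("port:"):
        try:
            port = int(remote[len("port:"):])
        except ValueError:
            raise IdentificationError(f"malformed port reference {remote!r}") from None
        principal = port_map.get(port)
        if principal is None:
            raise IdentificationError(f"no principal bound to port {port}")
    else:
        principal = remote
    key = user_keys.get(principal)
    if key is None:
        # Refuse rather than silently fall back to the host key: the peer asked
        # for a principal this responder cannot vouch for.
        raise IdentificationError(f"unknown principal {principal!r}")
    return principal, key


def rejects(ident: Identification, responder_host: str) -> bool:
    """True if the responder would refuse to bind this identification to a key."""
    try:
        resolve_remote(ident, responder_host)
    except IdentificationError:
        return True
    return False
```

The responder never downgrades an unresolvable remote identification to the host-key default; an absent field is the only path to the host key, which keeps the proposed default behaviour distinct from a failed lookup.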