Re: editorial on Photuris




Charles Watt writes:
> > I'm afraid that we already have a proposal for embedding certificates
> > in the DNS that doesn't make it look like X.500. Don't assume everyone
> > is as incapable of producing a clean and simple solution as the ISO.
> 
> I'm not making this particular assumption.  My assumption is that you
> are short-sighted -- slam in certificates and our security problems
> are solved.  Well, I would like this infrastructure to be useful for
> more than IP security, say for Electronic Commerce.  This means that
> you need LOTS more stuff, like the CA's policy statement, a pointer to
> the CA's real-time electronic notary, the authorizations granted to me
> by my employer for EDI transactions, etc...  DNS bloat == X.500.

None of that stuff at all needs to be in the DNS qua DNS -- you just
need to be able to find it.

Incidentally, the problems with X.500 stem from its design and not from
the amount of content.

> As these issues have no relevance to Photuris, the Photuris spec should
> be independent of the mechanism binding name and key.

I've already said that. This is another topic.

> You might also touch base with the pkix working
> group, they seem to think that this infrastructure is their charter.

I monitor their discussions. They are running on the assumption
everyone loves X.509, so it isn't clear that they are going to
actually get anywhere. IETF groups that don't have widespread
community support often end up with no one listening -- which is as it
should be.

Perry