
Re: editorial on Photuris



At this point it is not clear that any certificate format has the
backing to be the only one included in any standards work.

Although PGP is clearly the most common encryption tool used by people
on the net today, at least in the Financial industry, I don't know of
anyone who would use PGP for commercial/business transactions. Almost
every company I know down here on Wall Street is looking at deploying
public-key infrastructures over the next year or two. Every one of
those firms, or at least the set with which I have regular contact, is
basing that infrastructure on X.509 certificate based products. The
format of the certificate and the trust model implied by version 3
certificates and certification authorities is the one of choice (at
least for now) for financial firms.

I also would suggest that you try and separate the debate over
certificate format from the debate over where certificates can live.
Why can't we use X.509 certificates without an X.500 directory? If I
recall correctly, didn't the spec for DNS security include the ability
to store an X.509 certificate in DNS?

Charles Blauner

Perry Metzger wrote in response to Stephen Kent:

To: kent @ bbn.com (Stephen Kent) @ SMTP
cc: rja @ cs.nrl.navy.mil @ SMTP, watt @ sware.com (Charles Watt) @ SMTP, ipsec @ ans.net @ SMTP
From: perry @ piermont.com ("Perry E. Metzger") @ SMTP
Sent: Tue 11/14/95 05:50:29 PM
Subject: Re: editorial on Photuris


Stephen Kent writes:
>         I respectfully disagree with your conclusions re use of PGP
> certificates with Photuris.  While PGP is the most widely used secure email
> protocol in the Internet, its use is not all that widespread in the "grand
> scheme of things."

Steve;

I would suggest that X.509 certificates are also not widespread in the
"grand scheme of things" and require a horrifying X.500 infrastructure
for real world use -- an infrastructure that most people are unwilling
to deploy -- and require the use of distinguished names which, for
better or worse, have proven unacceptable to the internet
community.

I, for one, would be happy to sit down around the virtual (or real)
table with a bunch of other people who have an interest in this and
come up with a clean, "internet compatible" certificate format and
infrastructure. I know that Don Eastlake was starting work on such a
thing. Rather than trying to beat the dead X.509 horse, perhaps the
concerned parties could all get into a dialog goin