Re: editorial on Photuris
At this point it is not clear that any certificate format has the
backing to be the only one included in any standards work.

Although PGP is clearly the most common encryption tool used by people
on the net today, at least in the Financial industry, I don't know of
anyone who would use PGP for commercial/business transactions. Almost
every company I know down here on Wall Street is looking at deploying
public-key infrastructures over the next year or two. Every one of
those firms, or at least the set with which I have regular contact, is
basing that infrastructure on X.509 certificate based products. The
format of the certificate and the trust model implied by version 3
certificates and certification authorities is the one of choice (at
least for now) for financial firms.

I also would suggest that you try and separate the debate over
certificate format from the debate over where certificates can live.
Why can't we use X.509 certificates without an X.500 directory? If I
recall correctly, didn't the spec for DNS security include the ability
to store an X.509 certificate in DNS?

Charles Blauner
Perry Metzger wrote in response to Stephen Kent:
To: kent @ bbn.com (Stephen Kent) @ SMTP
cc: rja @ cs.nrl.navy.mil @ SMTP, watt @ sware.com (Charles Watt) @ SMTP, ipsec @ ans.net @ SMTP
From: perry @ piermont.com ("Perry E. Metzger") @ SMTP
Sent: Tue 11/14/95 05:50:29 PM
Subject: Re: editorial on Photuris
Stephen Kent writes:
> I respectfully disagree with your conclusions re use of PGP
> certificates with Photuris. While PGP is the most widely used secure email
> protocol in the Internet, its use is not all that widespread in the "grand
> scheme of things."
Steve;
I would suggest that X.509 certificates are also not widespread in the
"grand scheme of things" and require a horrifying X.500 infrastructure
for real world use -- an infrastructure that most people are unwilling
to deploy -- and require the use of distinguished names which, for
better or worse, have proven unacceptable to the internet
community.
I, for one, would be happy to sit down around the virtual (or real)
table with a bunch of other people who have an interest in this and
come up with a clean, "internet compatible" certificate format and
infrastructure. I know that Don Eastlake was starting work on such a
thing. Rather than trying to beat the dead X.509 horse, perhaps the
concerned parties could all get into a dialog goin