
Re: comments on client auth



 > I said X.509 DER, not ASN.1

DER = "Distinguished Encoding Rule" (approx). You have to spell out a
very concrete byte-by-byte representation before you can apply MD5-etc
to sign. I always thought that byte-by-byte method was a subset of
ASN.1. I must admit this point was in the middle of a long and
complex document that referenced other long documents which weren't
(at that time) easy to lay your hands on.

At any rate the claim that "this OSI protocol covers lots of things
you dumb Internet folks wouldn't understand, however you can subset
and profile it to get just what you want" has been made for X.400
over SMTP and for X.500 over DNS. My feeling is that it is better to 
start with a simple protocol and if that works you move on to more
complex things. So I hope the people working on SPKI won't be
distracted by arguing. Our opponents have a big advantage over us in
an argument: they can read our documents in a short period of time
and our documents are readily available. We can't argue knowledgeably
without wandering into their inaccessible quagmire.

Can we start a mailing list spki.advocacy for these arguments? I won't
subscribe. In the meantime can I ask that people not be suckered
into these arguments. I already wish I'd taken my own advice...

Bob Smart
