
Re: one possible motivation for X.509



Okay, Carl, I'll take the bait. I'm never afraid of asking the really dumb 
questions....

The way I heard it was that PEM, which was the first real deployed attempt to 
use a PKI, ran into a lot of problems because of the paucity of information in 
the X.509 certificate. Hence all the stuff added in v1 and v3.

Now (okay, this is a bit of a punt - I haven't gone in and done a bit-by-bit 
comparison) SPKI appears to have said "let's get rid of this X.509 complexity 
and get back to something simpler", essentially ending up with something 
similar to an X.509 v1 cert (okay, with simpler naming).

So why will SPKI not run into the same problems that caused v1 certs to get 
expanded to v3?

And why will naming problems go away, and the whole business become magically 
simple, by doing away with DNs?

And why are S-expressions so much easier than ASN.1? (I personally am not an 
actual code implementor, but at least one commentator on these channels has 
claimed there's no lower work factor with S-exprs).


-- 

Bill Buffam
Unisys, Malvern PA
bjb@trsvr.tr.unisys.com
