[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

*To*: Carl Ellison <cme@cybercash.com>*Subject*: Re: one possible motivation for X.509*From*: "Buffam, William J TR" <bjb@trsvr.tr.unisys.com>*Date*: Thu, 18 Jul 1996 14:22:28 +0000*Cc*: spki@c2.org*Organization*: Unisys*References*: <2.2.32.19960718155303.008bf6cc@cybercash.com>*Reply-To*: bjb@trsvr.tr.unisys.com

Okay, Carl, I'll take the bait. I'm never afraid of asking the really dumb questions.... The way I heard it was that PEM, which was the first real deployed attempt to use a PKI, ran into a lot of problems because of the paucity of information in the X.509 certificate. Hence all the stuff added in v1 and v3. Now (okay, this is a bit of a punt - I haven't gone in and done a bit-by-bit comparison) SPKI appears to have said "let's get rid of this X.509 complexity and get back to something simpler" , essentially ending up with something similar to an X.509 v1 cert (okay, with simpler naming). So why will SPKI not run into the same problems that caused v1 certs to get expanded to v3? And why will naming problems go away, and the whole business become magically simple, by doing away with DNs? And why are S-expressions so much easier than ASN.1? (I personally am not an actual code implementor, but at least one commentator on these channels has claimed there's no lower work factor with S-exprs). -- Bill Buffam Unisys, Malvern PA bjb@trsvr.tr.unisys.com

**Re: one possible motivation for X.509***From*: Jeff Allen <jeff@bunyip.com>

**one possible motivation for X.509***From*: Carl Ellison <cme@cybercash.com>

- Prev by Date:
**Re: one possible motivation for X.509** - Next by Date:
**one possible motivation for X.509** - Prev by thread:
**one possible motivation for X.509** - Next by thread:
**Re: one possible motivation for X.509** - Index(es):