[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: one possible motivation for X.509

Okay, Carl, I'll take the bait. I'm never afraid of asking the really dumb 

The way I heard it was that PEM, which was the first real deployed attempt to 
use a PKI, ran into a lot of problems because of the paucity of information in 
the X.509 certificate. Hence all the stuff added in v1 and v3.

Now (okay, this is a bit of a punt - I haven't gone in and done a bit-by-bit 
comparison) SPKI appears to have said "let's get rid of this X.509 complexity 
and get back to something simpler" , essentially ending up with something 
similar to an X.509 v1 cert (okay, with simpler naming).

So why will SPKI not run into the same problems that caused v1 certs to get 
expanded to v3?

And why will naming problems go away, and the whole business become magically 
simple, by doing away with DNs?

And why are S-expressions so much easier than ASN.1? (I personally am not an 
actual code implementor, but at least one commentator on these channels has 
claimed there's no lower work factor with S-exprs).


Bill Buffam
Unisys, Malvern PA

Follow-Ups: References: