[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

one possible motivation for X.509

I'm starting to believe that one motivation for pushing X.509 comes from its
complexity.  That complexity (the need to process ASN.1, the huge number of
fields, the unwieldiness of DNs, ...) discourages individual developers in
their garages from generating and processing X.509 certificates.  There are
some companies who have invested or will invest in the machinery to process
these certificates and the more complex they are, the fewer competitors
these companies have to worry about.

One of the things I believe we need to do with SPKI certificates is lower
the bar to entry so that individuals and small companies can easily generate
and process certificates without buying certificates(*) or certificate
processing software from anyone else.

 - Carl

(*) My friends at Verisign should remember that I am all in favor of
commercial CAs selling certificates if the content of that certificate is
worth the money.  A commercial CA offers higher security cryptography,
strong personnel security, a published signature policy, ..., and those are
worth some amount of money.  How much is for the market to determine.

|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                              http://www.cybercash.com/    |
|207 Grindall Street           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103       T:(410) 727-4288     F:(410)727-4293        |