[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: one possible motivation for X.509
Carl Ellison wrote:
>
> I'm starting to believe that one motivation for pushing X.509 comes from its
> complexity. That complexity (the need to process ASN.1, the huge number of
> fields, the unwieldiness of DNs, ...) discourages individual developers in
> their garages from generating and processing X.509 certificates. There are
> some companies who have invested or will invest in the machinery to process
> these certificates and the more complex they are, the fewer competitors
> these companies have to worry about.
I proposed this theory on PKIX back when SPKI was a twinkle in somebody's eye.
Funnily enough it got a very frosty reception...
>
> One of the things I believe we need to do with SPKI certificates is lower
> the bar to entry so that individuals and small companies can easily generate
> and process certificates without buying certificates(*) or certificate
> processing software from anyone else.
Absolutely.
>
> - Carl
>
> (*) My friends at Verisign should remember that I am all in favor of
> commercial CAs selling certificates if the content of that certificate is
> worth the money. A commercial CA offers higher security cryptography,
> strong personnel security, a published signature policy, ..., and those are
> worth some amount of money. How much is for the market to determine.
>
> +--------------------------------------------------------------------------+
> |Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
> |CyberCash, Inc. http://www.cybercash.com/ |
> |207 Grindall Street PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
> |Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
> +--------------------------------------------------------------------------+
>
--
Ben Laurie Phone: +44 (181) 994 6435
Freelance Consultant and Fax: +44 (181) 994 6472
Technical Director Email: ben@algroup.co.uk
A.L. Digital Ltd, URL: http://www.algroup.co.uk
London, England. Apache Group member (http://www.apache.org)
References: