[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: one possible motivation for X.509

Carl Ellison wrote:
> I'm starting to believe that one motivation for pushing X.509 comes from its
> complexity.  That complexity (the need to process ASN.1, the huge number of
> fields, the unwieldiness of DNs, ...) discourages individual developers in
> their garages from generating and processing X.509 certificates.  There are
> some companies who have invested or will invest in the machinery to process
> these certificates and the more complex they are, the fewer competitors
> these companies have to worry about.

I proposed this theory on PKIX back when SPKI was a twinkle in somebody's eye.
Funnily enough it got a very frosty reception...

> One of the things I believe we need to do with SPKI certificates is lower
> the bar to entry so that individuals and small companies can easily generate
> and process certificates without buying certificates(*) or certificate
> processing software from anyone else.


>  - Carl
> (*) My friends at Verisign should remember that I am all in favor of
> commercial CAs selling certificates if the content of that certificate is
> worth the money.  A commercial CA offers higher security cryptography,
> strong personnel security, a published signature policy, ..., and those are
> worth some amount of money.  How much is for the market to determine.
> +--------------------------------------------------------------------------+
> |Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
> |CyberCash, Inc.                              http://www.cybercash.com/    |
> |207 Grindall Street           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
> |Baltimore MD 21230-4103       T:(410) 727-4288     F:(410)727-4293        |
> +--------------------------------------------------------------------------+

Ben Laurie                  Phone: +44 (181) 994 6435
Freelance Consultant and    Fax:   +44 (181) 994 6472
Technical Director          Email: ben@algroup.co.uk
A.L. Digital Ltd,           URL: http://www.algroup.co.uk
London, England.            Apache Group member (http://www.apache.org)