[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: one possible motivation for X.509


	Is this an admission of defeat ?  Have we finally made
	X.509 so complex that you can't "clear the hurdle" ?
	We are close to exceeding our own capacity to understand
	it ourselves so if you "cry uncle" then we can all breathe
	a sigh of relief and stop trying to invent more complexity.

	Sorry ... I couldn't resist.  You do sound a bit frustrated.

Havin' fun,


> From owner-spki%c2.org@infinity.c2.org  Thu Jul 18 12:32:24 1996
> X-Sender: cme@cybercash.com
> Mime-Version: 1.0
> Date: Thu, 18 Jul 1996 11:53:03 -0400
> To: spki@c2.org
> From: Carl Ellison <cme@cybercash.com>
> Subject: one possible motivation for X.509
> I'm starting to believe that one motivation for pushing X.509 comes from its
> complexity.  That complexity (the need to process ASN.1, the huge number of
> fields, the unwieldiness of DNs, ...) discourages individual developers in
> their garages from generating and processing X.509 certificates.  There are
> some companies who have invested or will invest in the machinery to process
> these certificates and the more complex they are, the fewer competitors
> these companies have to worry about.
> One of the things I believe we need to do with SPKI certificates is lower
> the bar to entry so that individuals and small companies can easily generate
> and process certificates without buying certificates(*) or certificate
> processing software from anyone else.
>  - Carl
> (*) My friends at Verisign should remember that I am all in favor of
> commercial CAs selling certificates if the content of that certificate is
> worth the money.  A commercial CA offers higher security cryptography,
> strong personnel security, a published signature policy, ..., and those are
> worth some amount of money.  How much is for the market to determine.
> +--------------------------------------------------------------------------+
> |Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
> |CyberCash, Inc.                              http://www.cybercash.com/    |
> |207 Grindall Street           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
> |Baltimore MD 21230-4103       T:(410) 727-4288     F:(410)727-4293        |
> +--------------------------------------------------------------------------+