
Re: one possible motivation for X.509



> From: Carl Ellison <cme@cybercash.com>
> 
> I'm starting to believe that one motivation for pushing X.509 comes from its
> complexity.  That complexity (the need to process ASN.1, the huge number of
> fields, the unwieldiness of DNs, ...) discourages individual developers in
> their garages from generating and processing X.509 certificates.  There are
> some companies who have invested or will invest in the machinery to process
> these certificates and the more complex they are, the fewer competitors
> these companies have to worry about.


Have you had a look at Sun's SKIP distribution (from skip.incog.com)?
I was surprised at how readable the certificate processing code was - it
is implemented as macros with the same names as the ASN.1 elements, so
the code for encoding or decoding certificates looks quite similar to
the ASN.1 definition of the certificate.

Garage shops (in the US, at least) should be able to use code similar
to that, without having to reinvent the cert processing wheel.
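
Added example (not part of the original message, and not code from Sun's SKIP distribution): a sketch of the style the reply describes, where decoder macros carry the names of the ASN.1 elements so the decode routine reads like the type definition. `ToyCert`, `der_open`, `toycert_decode` and the sample bytes are constructed for illustration, and only short-form DER lengths (content under 128 bytes) are accepted.

```c
#include <stddef.h>
#include <stdint.h>
/* Cursor over DER bytes; err latches on the first malformed element. */
typedef struct { const uint8_t *p, *end; int err; } der_t;
typedef struct { long version, serial, not_before, not_after;
                 const uint8_t *subject; size_t subject_len; } toycert_t;
/* Check tag and short-form length (< 128); return a cursor over the content. */
static der_t der_open(der_t *d, uint8_t tag) {
    der_t in = { d->p, d->p, 1 };
    if (d->err || d->end - d->p < 2 || d->p[0] != tag || d->p[1] > 0x7f ||
        (size_t)(d->end - d->p - 2) < d->p[1]) { d->err = 1; return in; }
    in.p = d->p + 2; in.end = in.p + d->p[1]; in.err = 0;
    d->p = in.end;
    return in;
}
static void der_int(der_t *d, long *out) {   /* non-negative, minimal, <= 4 bytes */
    der_t in = der_open(d, 0x02);
    size_t n = (size_t)(in.end - in.p);
    if (in.err || n < 1 || n > 4 || (in.p[0] & 0x80) ||
        (n > 1 && in.p[0] == 0 && !(in.p[1] & 0x80))) { d->err = 1; return; }
    for (*out = 0; n--; ) *out = (*out << 8) | *in.p++;
}
static void der_str(der_t *d, uint8_t tag, const uint8_t **s, size_t *n) {
    der_t in = der_open(d, tag);            /* character set is not checked */
    if (!in.err) { *s = in.p; *n = (size_t)(in.end - in.p); }
}

/* Macros named after the ASN.1 elements; each acts on the cursor `cur`. */
#define INTEGER(out)          der_int(cur, (out))
#define PRINTABLESTRING(s, n) der_str(cur, 0x13, (s), (n))
#define SEQUENCE(...) do { der_t in_ = der_open(cur, 0x30); \
    { der_t *cur = &in_; __VA_ARGS__ if (cur->p != cur->end) cur->err = 1; } \
    if (in_.err) cur->err = 1; } while (0)
/* ToyCert ::= SEQUENCE { version INTEGER, serial INTEGER, validity SEQUENCE {
 *   notBefore INTEGER, notAfter INTEGER }, subject PrintableString } (constructed) */
int toycert_decode(const uint8_t *buf, size_t len, toycert_t *c) {
    der_t top = { buf, buf + len, 0 }, *cur = &top;
    SEQUENCE(
        INTEGER(&c->version);
        INTEGER(&c->serial);
        SEQUENCE( INTEGER(&c->not_before); INTEGER(&c->not_after); );
        PRINTABLESTRING(&c->subject, &c->subject_len);
    );
    return (top.err || top.p != top.end) ? -1 : 0;
}
/* Constructed sample encoding of a ToyCert. */
static const uint8_t sample[] = { 0x30,0x18, 0x02,0x01,0x02, 0x02,0x02,0x12,0x34,
    0x30,0x07, 0x02,0x01,0x64, 0x02,0x02,0x00,0xC8, 0x13,0x06, 'g','a','r','a','g','e' };
int main(void) { toycert_t c; return toycert_decode(sample, sizeof sample, &c); }
```

Every element is bounds-checked against its enclosing SEQUENCE, and a SEQUENCE with unconsumed or overrunning content makes the whole decode fail, so the readable macro form does not skip length validation.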