Re: one possible motivation for X.509
At 01:00 PM 7/18/96 -0400, John Lowry wrote:
>Carl,
>
> Is this an admission of defeat ? Have we finally made
> X.509 so complex that you can't "clear the hurdle" ?
> We are close to exceeding our own capacity to understand
> it ourselves so if you "cry uncle" then we can all breathe
> a sigh of relief and stop trying to invent more complexity.
>
> Sorry ... I couldn't resist. You do sound a bit frustrated.

Oh, you guys succeeded long ago :).

I got frustrated the first time I had to deal with X.509 -- and that was v.1
(modifying TIS PEM).

The second time I had to do it, I vowed never to touch it again. (helping
do a Fortezza I&A proxy for a firewall)

SET is the third time.

Rather than wait for the world to do certificates right and save me and my
fellow developers from this nonsense, I decided to spend some time on the
SPKI effort and get it done myself.

It's not just frustration.

I get very annoyed with needless complication, excessive code, -- and when
it's to support something that's ill-defined and probably not necessary
(Identity certification) in the first place, it's especially annoying.

[Note that SET's cardholder certificates are authorization certs, not
identity certs -- and they had to pervert X.509's definition to achieve it.]

- Carl

+--------------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc. http://www.cybercash.com/ |
|207 Grindall Street PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
+--------------------------------------------------------------------------+