[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: one possible motivation for X.509

At 01:00 PM 7/18/96 -0400, John Lowry wrote:
>	Is this an admission of defeat ?  Have we finally made
>	X.509 so complex that you can't "clear the hurdle" ?
>	We are close to exceeding our own capacity to understand
>	it ourselves so if you "cry uncle" then we can all breathe
>	a sigh of relief and stop trying to invent more complexity.
>	Sorry ... I couldn't resist.  You do sound a bit frustrated.

Oh, you guys succeeded long ago :).

I got frustrated the first time I had to deal with X.509 -- and that was v.1
(modifying TIS PEM).

The second time I had to do it, I vowed never to touch it again.  (helping
do a Fortezza I&A proxy for a firewall)

SET is the third time.

Rather than wait for the world to do certificates right and save me and my
fellow developers from this nonsense, I decided to spend some time on the
SPKI effort and get it done myself.

It's not just frustration.

I get very annoyed with needless complication, excessive code, -- and when
it's to support something that's ill-defined and probably not necessary
(Identity certification) in the first place, it's especially annoying.
[Note that SET's cardholder certificates are authorization certs, not
identity certs -- and they had to pervert X.509's definition to achieve it.]

 - Carl

|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                              http://www.cybercash.com/    |
|207 Grindall Street           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103       T:(410) 727-4288     F:(410)727-4293        |