[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: one possible motivation for X.509
At 01:36 PM 7/18/96 -0400, David P. Kemp wrote:
>Have you had a look at Sun's SKIP distribution (from skip.incog.com)?
>I was surprised at how readable the certificate processing code was - it
>is implemented as macros with the same names as the ASN.1 elements, so
>the code for encoding or decoding certificates looks quite similar to
>the ASN.1 definition of the certificate.
heaven forbid.
Thanks for the pointer. I'll take a look.
However, the sins of X.509 come in two flavors -- use of ASN.1 and inclusion of the kitchen sink (to please the members of a committee, most likely). Those sins can't be un-done by a macro package. It takes discarding of the standard(s) and starting fresh to correct those sins.
>Garage shops (in the US, at least) should be able to use code similar
>to that, without having to reinvent the cert processing wheel.
We have reason to re-invent the cert processing wheel -- just as the X.509 folks have discovered on their own. SET's cardholder cert is a new invention, even if it parses as X.509. The attribute cert is a new invention. v.3's extensions are a new invention. They're all trying to incrementally get to where we jumped with SPKI by rejecting X.509 and its history and starting with a blank sheet of paper.
- Carl
From ???@??? Thu Jul 18 16:30:37 1996
Return-Path: <owner-spki@c2.org>
Received: from callandor.cybercash.com (callandor1.cybercash.com) by cybercash.com (4.1/SMI-4.1)
id AA12988; Thu, 18 Jul 96 14:11:13 EDT
Received: by callandor.cybercash.com; id OAA10841; Thu, 18 Jul 1996 14:11:55 -0400
Received: from infinity.c2.org(140.174.185.11) by callandor.cybercash.com via smap (V3.1)
id xma010837; Thu, 18 Jul 96 14:11:54 -0400
Received: by infinity.c2.org (8.7.4/8.6.9)
id LAA25073 for spki-outgoing; Thu, 18 Jul 1996 11:05:21 -0700 (PDT)
Community ConneXion: Privacy & Community: <URL:http://www.c2.net>
Message-Id: <2.2.32.19960718180723.009999bc@cybercash.com>
X-Sender: cme@cybercash.com
X-Mailer: Windows Eudora Pro Version 2.2 (32)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Thu, 18 Jul 1996 14:07:23 -0400
To: dpkemp@missi.ncsc.mil (David P. Kemp)
From: Carl Ellison <cme@cybercash.com>
Subject: Re: one possible motivation for X.509
Cc: spki@c2.org
Sender: owner-spki@c2.org
Precedence: bulk
X-UIDL: 003e61c3d6401905971d48ca7b502883
At 01:36 PM 7/18/96 -0400, David P. Kemp wrote:
>Have you had a look at Sun's SKIP distribution (from skip.incog.com)?
>I was surprised at how readable the certificate processing code was - it
>is implemented as macros with the same names as the ASN.1 elements, so
>the code for encoding or decoding certificates looks quite similar to
>the ASN.1 definition of the certificate.
heaven forbid.
Thanks for the pointer. I'll take a look.
However, the sins of X.509 come in two flavors -- use of ASN.1 and inclusion
of the kitchen sink (to please the members of a committee, most likely).
Those sins can't be un-done by a macro package. It takes discarding of the
standard(s) and starting fresh to correct those sins.
>Garage shops (in the US, at least) should be able to use code similar
>to that, without having to reinvent the cert processing wheel.
We have reason to re-invent the cert processing wheel -- just as the X.509
folks have discovered on their own. SET's cardholder cert is a new
invention, even if it parses as X.509. The attribute cert is a new
invention. v.3's extensions are a new invention. They're all trying to
incrementally get to where we jumped with SPKI by rejecting X.509 and its
history and starting with a blank sheet of paper.
- Carl
+--------------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc. http://www.cybercash.com/ |
|207 Grindall Street PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
+--------------------------------------------------------------------------+