Re: one possible motivation for X.509

I thought maybe I'd give answering this one a try, so that poor old
Carl doesn't feel too beat up on. :)

William J. Buffam wrote:
> So why will SPKI not run into the same problems that caused v1 certs to get 
> expanded to v3?

If SPKI needs to expand (bloat?) that much, it can, quickly and
easily. Why? Because SPKI is extensible in an IETF-friendly way. (i.e., any
yahoo can add a field, assuming he's willing to write the software to
make use of it.)

> And why will naming problems go away, and the whole business become magically 
> simple, by doing away with DNs?

A fundamental tenet of the SPKI group philosophy is that identity
certificates (where naming is certainly a central issue) are not
actually the most important thing. If and when people attempt to apply
SPKI certs to naming problems, we might need to extend it in some
way. We'll cross that bridge when we come to it, since SPKI is

> And why are S-expressions so much easier than ASN.1? (I personally am not an 
> actual code implementor, but at least one commentator on these channels has 
> claimed there's no lower work factor with S-exprs).

Data representation does not have anything to do with system design
considerations. There's no good answer to your question, only a flame
war. Don't bother picking that fight with me, or anyone who's already
been through it recently. It's just a waste of time.

SPKI is an Internet approach to the problem, from the ground up. Why?
Because we can. Because it might be fun, and it might end up making
people's lives easier. SPKI is not a threat to X.509 -- there will
always be people who feel they must buy ISO technology for whatever
reason (sometimes because it is _better_ than the stuff the rag-tag
Internet folks put out).

Answer your questions? :)

    Jeff Allen <jeff@bunyip.com>   |   For information about Bunyip
Bunyip Information Systems, Inc.   |   send e-mail to <info@bunyip.com>