
Re: ANNOUNCEMENT: SPKI mailing list and BOF at Los Angeles

On Fri, 23 Feb 1996 perry%piermont.com@bcars735 wrote:
> "peter (p.w.) whittaker" writes:
> > Defining two entirely analogous PKIs seems comparable to defining two
> > entirely analogous mail transfer protocols, with the only difference in
> > the protocols being the format of the headers.  Where would we be if SMTP
> > had had "competition" from the start?  Would the IETF even have approved
> > such an effort? 
> There has never been a discussion starting from a blank piece of paper
> inside the IETF community on the subject of what we really desire from
> our public key infrastructure. This new group is an opportunity to
> have this sort of dialog. I realize that some will view this as
> "competition".

So long as this group pursues the task you describe (looking at PKI
requirements from scratch), and considers existing technologies when it
comes time to implement answers to those questions, then long live SPKI.

If, on the other hand, the goal of the group is to develop alternatives to
PKIX, to let the "market decide", then the group's existence does the
market a disservice by creating and promulgating an artificial
distinction that need not exist.

IMHO, the proper PKI questions are:  what do we want from our PKI?  what
services must our SPKI certificates support?  do existing technologies
and certificates support these services?  Appropriate actions taken when
answering these questions include looking at PKIX, X.509 certificates,
other certificates, possible liaison with other
certificate-format-defining bodies, etc.

The example of SMTP and X.400 was cited.  It's a good example:  two
groups that should have co-operated from the start and didn't.  The same
applies to TP4 and TCP.

There is an opportunity for the SPKI working group to ask the right
questions (starting from the blank sheet).  Hopefully this is what SPKI
will do.

I'm also hopeful that SPKI will honestly consider the possibility that
others may have answered those questions, or may have started in the
right direction.  I'm not implying that they have done so, merely that
they may have, and that to exclude them from consideration, i.e., to
make SPKI the non-X.509 PKI, would be dishonest, shortsighted, and
unfair to the user community.

