
Re: ANNOUNCEMENT: SPKI mailing list and BOF at Los Angeles

"peter (p.w.) whittaker" writes:
> > There has never been a discussion starting from a blank piece of paper
> > inside the IETF community on the subject of what we really desire from
> > our public key infrastructure. This new group is an opportunity to
> > have this sort of dialog. I realize that some will view this as
> > "competition".
> So long as this group pursues the task you describe (looking at PKI
> requirements from scratch), and considers existing technologies when it
> comes time to implement answers to those questions, then long live SPKI.

When I said "from scratch", I meant "from scratch".

I will say from the outset, however, that I doubt, starting from
scratch, we would have ended up with X.509; the reason being that
things like distinguished names and ASN.1 would not likely be things
the internet community would adopt. However, that said, I'm very much
interested in hearing the contributions of people with experience in
the X.509 world and in hearing from those who advocate producing an
X.509-like system with a much simpler encoding and a more IETFish
naming structure. It may be argued that X.509 is the global standard
and that the world doesn't need two standards, but then again, the
IETF has a habit of trying to stick to technical merits and not
political ones.

Beyond the X.509 model, I will point out that there are advocates of
radically different models present, who don't like the underlying
principles on which X.509 is based (like binding identities instead of
roles). I want to hear from them, from people who would advocate that
we simply adopt the mechanisms in the DNS security work, and from all
other points of view.

> There is an opportunity for the SPKI working group to ask the right
> questions (starting from the blank sheet).  Hopefully this is what SPKI
> will do.

I really *do* mean that I want this to be a wide open effort. There
isn't going to be any "you advocate X so your opinions don't count" or
"you don't advocate X so your opinions don't count". I really mean it
when I say I welcome participation from all sectors of the community.

> I'm also hopeful that SPKI will honestly consider the possibility that
> others may have answered those questions, or may have started in the
> right direction.

Absolutely. As I said, however, that doesn't mean that I necessarily
believe that X.509 would have been the result of taking out a blank
sheet of paper in an IETF context.


PS I'll stop CCing the PKIX working group on future mail on this
topic. I don't want to clog its communications.
