
Re: ANNOUNCEMENT: SPKI mailing list and BOF at Los Angeles

On Fri, 23 Feb 1996 perry%piermont.com@bcars735 wrote:
> "peter (p.w.) whittaker" writes:
> > There is an opportunity for the SPKI working group to ask the right
> > questions (starting from the blank sheet).  Hopefully this is what SPKI
> > will do.
> I really *do* mean that I want this to be a wide open effort. There
> isn't going to be any "you advocate X so your opinions don't count" or
> "you don't advocate X so your opinions don't count". I really mean it
> when I say I welcome participation from all sectors of the community.

Good!  I look forward to the discussion.

> > I'm also hopeful that SPKI will honestly consider the possibility that
> > others may have answered those questions, or may have started in the
> > right direction.
> Absolutely. As I said, however, that doesn't mean that I necessarily
> believe that X.509 would have been the result of taking out a blank
> sheet of paper in an IETF context.

Probably true.  On the other hand, considerable experience has been
gained with X.509 certificates, so not dismissing them out of hand is a
good thing....

Note that the "DN problem" can be avoided rather simply:  in X.509
certificates the Issuer and Subject names must be of type Name, where
Name is defined in X.501; in X.501, Name is defined as a CHOICE type,
with the choice currently limited to rdnSequence.

There is nothing that prevents interested parties from extending the
choice for experimental purposes, verifying that the choice is useful,
then petitioning the ITU/ISO to formally add the new element to the
CHOICE.  (I've been thinking about this approach and how it could be
used to harmonize X.500 and the DNS for some time now; maybe one day
I'll actually be able to bring this idea to the foreground, and spend
some real time on it.)

I do not write this to be disingenuous:  this may be a suitable way of
leveraging existing technologies as part of an effort to build a
generalized PKI.

> PS I'll stop CCing the PKIX working group on future mail on this
> topic. I don't want to clog its communications.

Agreed.  I will do likewise as of now.
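
Added example, not part of the original message: a minimal DER decoder for the X.501 Name CHOICE discussed above, showing that the alternative is selected by the outer tag and that a strict decoder fails closed on anything other than rdnSequence. The helper names, the sample names and the `[0]` DNS-style alternative are assumptions constructed for illustration; no such alternative is defined in X.501.

```python
# Added example: decoding X.501 Name, a CHOICE selected by its outer DER tag.
# Short-form lengths only (< 128 bytes), which covers the constructed samples.
ATTRS = {"550406": "C", "55040a": "O", "550403": "CN"}  # id-at OIDs, hex

def tlv(tag, value):
    """Encode one DER element (used only to build the samples)."""
    return bytes([tag, len(value)]) + value

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the element starting at pos."""
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80:
        raise ValueError("truncated or long-form element")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("element overruns buffer")
    return buf[pos], buf[pos + 2:end], end

def children(value):
    """Split a constructed value into its (tag, value) members."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_name(der):
    """Name ::= CHOICE { rdnSequence RDNSequence }; reject other alternatives."""
    tag, value, end = read_tlv(der)
    if end != len(der):
        raise ValueError("trailing bytes after Name")
    if tag != 0x30:  # rdnSequence is a SEQUENCE; nothing else is defined
        raise ValueError(f"unsupported Name alternative (tag 0x{tag:02x})")
    pairs = []
    for rdn_tag, rdn in children(value):
        if rdn_tag != 0x31:  # RDN ::= SET OF AttributeTypeAndValue
            raise ValueError("RDN must be a SET")
        for atv_tag, atv in children(rdn):
            parts = children(atv)
            if atv_tag != 0x30 or len(parts) != 2 or parts[0][0] != 0x06:
                raise ValueError("malformed AttributeTypeAndValue")
            oid = parts[0][1].hex()
            pairs.append((ATTRS.get(oid, oid), parts[1][1].decode("ascii")))
    return pairs

def rdn(oid_hex, text):
    return tlv(0x31, tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + tlv(0x13, text)))

# Constructed samples: a standard Name, and a hypothetical experimental
# alternative ([0] IMPLICIT IA5String carrying a DNS name) not defined anywhere.
STANDARD = tlv(0x30, rdn("550406", b"CA") + rdn("550403", b"Example"))
EXPERIMENTAL = tlv(0x80, b"example.test")
```

A verifier written this way rejects certificates that use an experimental alternative until it is updated to recognize the new tag.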