[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Out on a loop

David Kemp:
> That sounds like a perfect characterization of the SPKI effort, and a
> useful effort it is.  However, it has nothing to do with building a Public
> Key Infrastructure...just call it the "Public Key Authorization Protocol"

Actually, X.509 should stop calling itself a "Public Key Infrastructure"
as well.   The term implies that the X.509 methodology does or should cover
all, or at least the most important, uses of public keys.  This 
is a very destructive view, retarding experimentation and
use of the many possible alternatives.  Given the wide variety of ways 
public keys can be used: SPKI authorization certs, PGP's web of trust, 
bearer certificates, Chaumian credentials, etc., the idea that any 
particular infrastructure defines all use of public keys is absurd.

As long as X.509 people insist on this hyperbolic method of 
promoting a particular methodology, SPKI and other public key
based technologies and standards have every bit as much right to also 
use the overblown and meaningless phrase "Public Key Infrastructure".

Nick Szabo

Follow-Ups: References: