Re: Out on a loop

> Actually, X.509 should stop calling itself a "Public Key Infrastructure"
> as well. The term implies that the X.509 methodology does or should cover
> all, or at least the most important, uses of public keys.  This 
> is a very destructive view, retarding experimentation and
> use of the many possible alternatives.  Given the wide variety of ways 
> public keys can be used: SPKI authorization certs, PGP's web of trust, 
> bearer certificates, Chaumian credentials, etc., the idea that any 
> particular infrastructure defines all use of public keys is absurd.

As a novice in the area, I think this is the strongest
argument for a system like SPKI.

I'd compare SPKI vs. X.509 to the microkernel versus
monolithic debate in OS.  Of course SPKI is not a complete
public-key infrastructure: but it's an excellent substrate
on which such an infrastructure, or many, could be defined.
Is it wrong to call a ukernel an "operating system?"

Doesn't the fact that SPKI defines no single global
namespace make it the best possible architecture for
constructing a wide variety of global namespaces?  Is there
any reason why X.500 distinguished names, as well as any
other unique space, can't be used as an SPKI local namespace?
Am I missing something here?

Given the inchoate nature of the many industries which will
soon be using this technology, I think the argument against
defining a single, integrated solution, so early in the life
cycle of the problem, seems strong.