[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Out on a loop
> Actually, X.509 should stop calling itself a "Public Key Infrastructure"
> as well. The term implies that the X.509 methodology does or should cover
> all, or at least the most important, uses of public keys. This
> is a very destructive view, retarding experimentation and
> use of the many possible alternatives. Given the wide variety of ways
> public keys can be used: SPKI authorization certs, PGP's web of trust,
> bearer certificates, Chaumian credentials, etc., the idea that any
> particular infrastructure defines all use of public keys is absurd.
As a novice in the area, I think this is the strongest
argument for a system like SPKI.
I'd compare SPKI vs. X.509 to the microkernel versus
monolithic debate in OS. Of course SPKI is not a complete
public-key infrastructure: but it's an excellent substrate
on which such an infrastructure, or many, could be defined.
Is it wrong to call a ukernel an "operating system?"
Doesn't the fact that SPKI defines no single global
namespace make it the best possible architecture for
constructing a wide variety of global namespaces? Is there
any reason why X.500 distinguished names, as well as any
other unique space, can't be used as an SPKI local namespace?
Am I missing something here?
Given the inchoate nature of the many industries which will
soon be using this technology, I think the argument against
defining a single, integrated solution, so early in the life
cycle of the problem, seems strong.