[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: fault tolerance of SPKI/SDSI
-----BEGIN PGP SIGNED MESSAGE-----
At 09:55 AM 3/13/97 +0100, peter.gietz@zdv.uni-tuebingen.de wrote:
>I asume you mean X.509 with hierarchical schemes. Your argument doesn't
>hold strong against X.509, because besides the CA-tree there is also the
>possibility of cross-certification of CAs, which is independent of the
>hierarchical level of the two CAs and is in a way comparable with the
>PGP web of trust. X.500 is by no way 1-dimensional. So although the
>hierarchical system in the first place is not so susceptible to breaks,
>because the links are well structured, and have defined responsibilities,
>it is, by the means of cross-certification as fault tolerant as a non
>hierarchical system.
>
>>
>> Of course, the degree of actual fault tolerance will depend on practice,
>
>This is true for all systems.
Peter,
you are correct. There is nothing inherent in X.509 that forces
a single-root tree. That is only convention, probably thanks to PEM.
- Carl
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMymwdlQXJENzYr45AQGbuAP/ZdwljdZ5bzKzcKf8ogcpRktogI79wHwH
RSXxyzJuJNAgUo+ddue4948nER4+0NGhZHrKQa6Zi5F/aVQhNpMc9Ek7PDcD7P4t
uchv7uYBkKXouyAe6P04pB5n9yTJzxaO1UJJEE/lIqlTkBVFj58EseXAsfOCt+vt
U+6m1o6w1uo=
=npvk
-----END PGP SIGNATURE-----
+------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc. http://www.cybercash.com/ |
|207 Grindall Street PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
+------------------------------------------------------------------+
References: