[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Final Year Thesis : SPKI

> Actually, I can imagine an X.509v4 that would facilitate such a
> convergence.  All it has to do is drop the distinguished-name definition
> from the ASN.1, and drop all references to it.  That would be a major
> start at convergence.

That sounds like 'turn X.509 into SPKI' and not 'X.509 becomes
superset of SPKI'.

Actually there are folk who have argued for NULL subject names

> Actually, these areas are addressed by the work of Jane Winn and 
> Cem Kaner, 
> probably among others -- both coming at it as lawyers.

I doubt they considered Belgian law in detail.

> It's not clear to me that the CPS (+ Utah-like law) approach to 
> building a 
> legal infrastructure is either workable or desirable.  That 
> approach tends 
> to violate the spirit of Reg.E.  The heavy fine print in a CPS tends to
> absolve a CA from all responsibility -- far from a useful thing for
> keyholders.

I have never quite been able to persuade you that the CPS 
is there to define liability precisely and not to avoid it.

The model I think most useful for a CPS is that of an 
insurance contract. The person drafting such a contract
has to understand that accepting certain forms of liability
is the function of the CA.