Re: Designer Certs
>I think what he means is that SPKI is a layered solution,
>where X.509 is a monolithic solution.

You seem to be confusing 509v1 with 509v3. It seems to me that
509v3 defines a minimal (not most minimal) semantics for basic
communication and interoperation, and then leaves a way for anyone
to add any additional semantics they wish. (BTW, the "CRITICAL" bit
is just as innovative and important as Unix's setuid bit.)

>Unlike X.509, SPKI is not a complete solution to the problem
>of certificates. It defines a mechanism for exchanging and
>structuring certified data, and leaves the question of what
>that data is mostly undefined.

I'm a bit new to some of the details, but can you give me an example
of what SPKI "undef'd" from PKIX?
Did SPKI remove its almost-unimplementable (*-closure?) authorization
model? I dropped off the list about a month after the first 40-page
I-D, since it was pretty clear to me that the group just blew its
window of opportunity vis-a-vis commercial acceptance. (Apologies
to those on the SPKI list who feel otherwise and/or might take

>This comes from a weird idea that has gained some currency
>in American software design circles, which is that it's
>important to separate mechanism from policy. It's uncertain
>where this idea originated. It may not have been proposed
>in compliance with the correct ISO procedures...

Paragraphs like this tend to encourage people to dismiss you as just
another anti-ISO bigot and they might ignore you, rather than look at
the merits of your posting itself.