[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Designer Certs

>I think what he means is that SPKI is a layered solution,
>where X.509 is a monolithic solution.

You seem to be confusing 509v1 with 509v3.  It seems to me that
509v3 defines a minimal (not most minimal) semantics for basic
communication and interoperation, and then leaves a way for anyone
to add any additional semantics they wish.  (BTW, the "CRITICAL" bit
is just as innovative and important as Unix's setuid bit.)

>Unlike X.509, SPKI is not a complete solution to the problem
>of certificates.  It defines a mechanism for exchanging and
>structuring certified data, and leaves the question of what
>that data is mostly undefined.

I'm a bit new to some of the details, but can you give me an example
of what SPKI "undef'd" from PKIX?

Did SPKI remove its almost-unimplementable (*-closure?) authorization
model?  I dropped off the list about a month after the first 40-page
I-D, since it was pretty clear to me that the group just below its
window of opportunity vis-a-vis commercial acceptance.  (Apologies
to those on the SPKI list who feel otherwise and/or might take

>This comes from a weird idea that has gained some currency
>in American software design circles, which is that it's
>important to separate mechanism from policy.  It's uncertain
>where this idea originated.  It may not have been proposed
>in compliance with the correct ISO procedures...

Paragraphs like this tend to encourage people to dismiss you as just
another anti-ISO bigot and they might ignore you, rather than look at
the merits of your posting itself.