
Re: Designer Certs




>>Why not? If it is going to take the $10K to negotiate each 
>>agreement does it really matter if the implementation requires 
>>ten minutes or ten seconds?
>
>As soon as you find a lawyer who is willing to write a thousand-or-more
>bits of random-looking data on a piece of paper, and another lawyer who
>is willing to sit at a terminal and type those thousand-or-more bits
>into the computer, you let me know  :-)


I have three lawyers sitting around me who spend part of their
time receiving certificates via email, examining them in minute
detail using BER certificate parsing tools and acting on the results.
It's not too difficult to see them doing a drag and drop into a 
windows folder afterwards.

Indeed I think they are much happier doing that, which is a
technology level they can understand, than relying on automation.

Guess who gets dragged into the discussions of the minutiae?
It is great fun explaining the various placements of attributes and
so forth.


>The public keys and resulting cross-certificates have to get from one
>computer to another somehow and, believe me, I'd be surprised if this
>doesn't happen electronically, at least in some environments.


Yep, I'll be surprised if it is anything other than LDAP or S/MIME.

Transferring the bits is a trivial task. The problem lies in correlating
those bits to a proof or demonstration of identity.

In the case of a cross certificate the problem lies in understanding the
correlation between the two sets of certification practices.

>>I still think you're putting cart before horse. 
>
>You seem to have quite a non-standard definition of "before".  As it
>says quite clearly above, *first* the human/legal/business stuff
>happens, *then* the exchange occurs.


No, I'm saying the question of whether you need the cart is one you 
decide after the question of whether you can afford the horse.

If we must continue the metaphor I suppose I'm saying that to travel
in the country in question I believe we need a map of the geography
before deciding on a tank.



>This paragraph makes it clear to me that you either haven't read or
>haven't understood PKIX-CMP at all. 

Have you read my CMMF draft? I have spent rather a lot of time 
over the past few weeks reading the CMP draft thank you.

And please note that I would be careful of accusing anyone of
'not understanding' my work. As a hermeneuticist I subscribe to
the principle that the primary responsibility for understanding 
rests on the author of the work.

There are many reasons for 'not understanding'. One of them
being that the text in question does not make sense. You may 
want to exercise a little more caution before questioning other
people's credentials in future.


>>In cases where there is no public CA which is acceptable,
>>communities of interest will create one.
>
>I have no doubt that you hope this is all true.  In your position how
>could you possibly hope otherwise?


Oh, come off it, I'm listed in the HTTP draft as one of the key
contributors to HTTP 1.0. I have spent the past five years working
with Tim Berners-Lee and the best in the business. I joined
VeriSign because I thought it would be fun and because I 
would be working with the best in the business, Baum, Ford, 
Williams. If I thought there was a problem with the CA approach
I would have taken another offer.

Presumably you are working for Entrust because you believe
that their approach is the best one, so why accuse others
of shaping their opinions to suit corporate needs?

Again I would really try to avoid that analysis since as you know
I have experience of media and propaganda studies. There
is an old principle that accusations often reveal more about
the accuser than the accused. 

I will remind you that I was not the person who published a bogus
'scalability study' intended to demonstrate that an unencumbered
technology was not viable while failing to disclose that a patent 
had been applied for on the alternative solution. My argument in that
case was based on the facts and my greater experience of large
real time systems, I was not aware at the time that a patent had 
been applied for. Had the full facts been known at the time I
doubt Entrust's argument would have been so well received.


>However, even if it was to become largely true, I can't imagine that it
>would be true universally (i.e., for every single business working with
>a PKI from now until the end of time).  For those businesses that choose
>a different model, there should be some sort of standardized protocol
>that they can use to move bits around.  CMP is trying to offer one.  Is
>this so unreasonable?


Get Microsoft and Netscape to agree to implement it, achieve a
broad base of industry support and then it is interesting. Until
then it is a proprietary solution of interest only to a limited market.


In the meantime I really wish you could stop trying to personalize the
issue. I prefer to discuss your technology rather than my technical
skills, motives and so on. If you want to have a personal slanging 
match you will lose.


        Phill