
RE: DN is not an identifier (was Re: XML certificate ...)

From: Philip Hallam-Baker <pbaker@verisign.com>
Date: Fri, 12 May 2000 12:29:28 -0700
Message-ID: <2F3EC696EAEED311BB2D009027C3F4F408EAE2@vhqpostal.verisign.com>
To: "'Eric Rescorla'" <ekr@rtfm.com>, Carl Ellison <cme@jf.intel.com>
Cc: w3c-ietf-xmldsig@w3.org

Eric writes:

>Like it or not, to the extent to which we have a certificate
>infrastructure, it's X.509. That's the kind of certificates that
>systems have and it's the kind of certificates that software knows
>how to parse. Before we decide to junk all that, I'd like to be
>fairly sure that it has crippling flaws. Your argument so far
>isn't exactly convincing.

Whether you agree with Eric or not, the market in the form of
users of deployed software has to be borne in mind if you want
to effect any change.

Eric and I have both written enough ASN.1 to have been granted
a PhD in advanced hatred of ASN.1 and all its works.

Please do not think that there is no sympathy for the arguments.
They are not well received for the same reason that I do not like
the suggestion I get DSL at home. I would very much like to do so
if it did not require me to move the whole house two miles closer
to the switch first!

I have been reading a lot of Heidegger and Gadamer recently.
I cannot help thinking that at least some of the charges being
leveled against PKIX also hold true for the current understanding
of Epistemology, rooted as it is in formalized rhetoric expressed
in symbolic form.

I see the same problems identified in PKIX as have been open
in epistemology for eighty years. If those guys have not solved
the problems I don't think we should consider it a critical 
failure of PKIX if it fails to solve them.

Ultimately those who fail to find at least one root to trust
are going to find themselves performing the cyberspace equivalent
of Diogenes' domestic arrangements.

Since one co-chair has already served notice that this discussion
is out of scope and the other will undoubtedly do so as well I'll
not go on any further. 

		Phill


Received on Friday, 12 May 2000 15:33:32 GMT
