- From: Joseph Reagle <reagle@w3.org>
- Date: Wed, 18 Dec 2002 17:02:12 -0500
- To: "Hallam-Baker, Phillip" <pbaker@verisign.com>
- Cc: "Www-Xkms (E-mail)" <www-xkms@w3.org>
- Message-Id: <200212181702.12856.reagle@w3.org>
On Wednesday 18 December 2002 15:34, Hallam-Baker, Phillip wrote:
> I don't believe that directory systems have any place in a PKI.
> They have been worse than a failure.
>
> We are not building a trusted means of discovering an RFC822
> email address here. We are building a means of locating information
> that an application would use.

My mistake, instead of John's email, insert a key associated with John's email.

> I would dispute the claim that there is no formal definition
> of 'trusted system'. The term 'trusted computing base' has been
> standard in the literature since orange book.

(And it's been a source of rat-hole and confusion since then as well <smile/>.)

> However the text looks almost ok to me. I would reword the bit where it
> gets fuzzy 'insert favorite' to be a list of steps that mention
> both PKIX and PGP scenarios.

Ok, I rewrote the section [attached] and include a PGP scenario, if someone wanted to include a PKIX scenario they can.

> The mixed model of do a locate first then throw the data at
> a validate service makes much less sense to me. I know people
> think it is a winner but I don't see that myself. Why have the
> client be a blind relay when the service can do the job for it?

I agree, it shouldn't be precluded, and we can mention it can be done, but I don't think we need the diagram nor must convey this is a recommended approach.
Attachments
- text/html attachment: tweak.html
Received on Wednesday, 18 December 2002 17:02:14 UTC