W3C home > Mailing lists > Public > public-xg-webid@w3.org > May 2011

kaminsky and webid : disassociating from the ranting

From: peter williams <home_pw@msn.com>
Date: Sun, 1 May 2011 18:39:39 -0700
Message-ID: <SNT143-ds873DB33100FA2AEAB18B7929F0@phx.gbl>
To: "'WebID XG'" <public-xg-webid@w3.org>
"PKI based on X.509 was supposed to fix this, but a couple billion dollars
in failed deployments later, it's become painfully clear:  X.509 is really
quite expensive and painful."


What I hoping is that folks here have provided Kaminsky wrong. X.509 is
quite trivial to understand, costs absolutely nothing to operate on a global
scale, and is no more painful than learning RDF. Webid is the proof of this
claim. NOTHING NOTHING NOTHING has prevented folks here from doing
self-asserted X.509 (something happenstance not mentioned by all the
rant-centric pundits, Kaminsky included). Furthermore, what folks are doing
with webid today COULD have been done 5+ years ago (nothing material has
changed in the Web, meantime). Folks COULD have used the URI 10 years ago
(when Jalil Feghii  first coded it using the Microsoft Cert Server v1.0 -
back in the pre-.NET COM era!).



What is expensive is assurance. Signing cert blobs and stuffing fields in
them is trivial. It always was.


When one starts out to have *assured* DNSsec with lots of self-selected
assurers (not just US govt and its minions), it will have exactly the same
issues as *assuring* X.509 certs. There is no semantic difference between a
signed DNS record, and a signed cert. Just two different blobs, in two
different directories, in two different hierarchies. At least X.509 is not
so limited however!


I think we need to dis-associate form Kaminsky - simply because he (I
assume) has associated himself with the anti-X.509 rant  crowd, in the form
of his arguments. It's a shame folks do it, but it is quite common. 


I always apply the Peter test. If Peter can actually do it, it MUST be
simple both in concept AND in practice.

Received on Monday, 2 May 2011 01:40:09 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:39:44 UTC