RE: Software for PKI ( or would you really rather get a root canal ?)
Ciao Michael
RIGHT ON !
PKI is at a critical point where either it has to be made to work
coherently, securely and in a relatively simple fashion or the community
of interest will abandon it for other approaches.
RFC 2459 was published January 1999. Frankly since then I can't see
any added value of PKIX over X.509v1. There's not a single X.509v3
extension defined in PKIX a PKI designer can really rely on. For
each and every extension somebody planning/deploying a PKI has to
check each and every implementation if and how this implementation
interprets this extension. This is WEIRD!
Yes it is and very expensive and time consuming! Some goodness has evolved
out of all these additional changes but it is damned hard to keep track of.
Now I don't think that the folks working on XML-DSIG and XKMS are
really doing it better. There's also the tendency to be most
flexible by integrating as many PKI standards as possible. Same old
problems...
"We have met the enemy and he is us" is an apt quote. Of course
the many other standards groups that are related also add to the confusion.
While I wouldn't rather have that root canal, it looks a lot less painful at
times than using PKI.
Regards
Jean