Re: A web of directories - Finding PKIX Servers

[Andreas Berger <aberger@xxxxxxxxxxxxxxxx>]

Alan Lloyd wrote:
> 
> Can I write a similar message to what was written in the X.500 / 509
> standards 11 years ago. That X.509 is part of X.500 and for most people
> working with 509 and PKI - part of the system design is to use directory
> services as the information infrastructure on which 509 services are
> used. It strikes me that if 509 is used without directories, then one
> has to create mappings, strange names, extensions, domain names,
> gateways, human configuration etc. If X.509 is the wheel - its best to
> use it with a car - otherwise one has to carry it everywhere - and the
> ride just aint the same :-)
> 
> I just do not understand why so much effort is going into "getting round
> " directory services - when so many organisations are putting 509 and
> directories together as part of their major authenticated - distributed
> information infrastructure system designs.
> 
> regards alan
Alan,

it is not that I am living in a purely IP/DNS world and that I think
that X.500 is likely to fail or whatever. Many project we do tend to -
sooner or later - have a directory server, but mostly inside
organizations. This is fine.

But it seems that the "cost of entry" to deploying an external server is
usually avoided by these organizations. So they donīt set one up (also
because almost nobody will use them, the chicken and egg problem).

So why shouldnīt we probpose a simple, light weight alternative for the
short term to medium term , doing the "root" lookup of X.500 via DNS and
wait for the public to recognize that directory servers are useful. Then
we can connect those servers and get rid of the "hack" or provide the
information of the hack via the global directory in the interim.

Andreas
-- 
Fifty-three percent of Fortune 1000 executives think the
Arch Deluxe is something that helps to run a computer.
-- Jericho Communications