RE: KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION:draft-ietf-pkix-scvp-00.txt))
Frank,
>Lynn Wheeler is correct. In a closed system (e.g., a home banking system),
>it is possible to compress all certificates to zero bytes (i.e., just use
>public keys).
yes, but one still needs to protect the integrity of the public keys, and
bind them to the access control database entries, and certs provide one way
of doing that, though not the only way.
>Certificates can be used to construct trust hierarchies. Public keys can
>not.
Good point.
>The reason SSL is primarily used for comfort is not because there is
>something wrong with certificates, it is because the necessary certificate
>management infrastructure does not exist. Imagine today's use of SSL without
>certificates -- system administrators would be installing large numbers of
>raw public keys into browsers, not a few CA certificates.
One must distinguish between server certs, as used today with SSL, vs.
client certs, which are rarely used today. Your comment above is directed
at the former use, and is quite correct.
Steve
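The point Steve makes above, that dropping certificates in a closed system does not remove the need to protect the public keys and bind them to the access control entries, can be made concrete. The following is an added illustration for this archive page, not code from anyone in the thread: it shows one of the "other ways" he alludes to, a key table whose entries are bound to their account and rights by a MAC under an operator-held integrity key. Assumptions (not from the original message): the system operator controls both the table and the verifier and keeps a secret integrity key (for example in an HSM, represented here by a placeholder constant), public keys are treated as opaque byte strings, and the sample accounts and keys are constructed for the demo.

```python
"""Raw public keys bound to access-control entries in a closed system.

Added example, not code from the PKIX list thread. Assumes a single
operator who holds a secret integrity key (INTEGRITY_KEY is a placeholder
for a key that would live in an HSM) and who controls both the account
table and the software that consults it.
"""
import hashlib
import hmac
import json
from typing import Dict, List, Optional, Tuple

# Placeholder integrity key for the demo; a real deployment would keep this
# in hardware and never in source.
INTEGRITY_KEY = bytes.fromhex("00" * 32)


def _canonical(account: str, public_key: bytes, rights: List[str]) -> bytes:
    # Deterministic encoding so the MAC covers exactly these fields. The
    # account name is part of the MAC input so a valid entry cannot be
    # copied under a different account.
    return json.dumps(
        {"account": account, "public_key": public_key.hex(), "rights": sorted(rights)},
        sort_keys=True, separators=(",", ":"),
    ).encode()


def make_entry(account: str, public_key: bytes, rights: List[str],
               integrity_key: bytes = INTEGRITY_KEY) -> Dict:
    """Create a table entry whose key/rights binding is protected by a MAC."""
    tag = hmac.new(integrity_key, _canonical(account, public_key, rights),
                   hashlib.sha256).hexdigest()
    return {"public_key": public_key, "rights": list(rights), "tag": tag}


def lookup_key(table: Dict[str, Dict], account: str,
               integrity_key: bytes = INTEGRITY_KEY) -> Optional[Tuple[bytes, List[str]]]:
    """Return (public_key, rights) for account, or None when the entry is
    missing or its binding fails the integrity check."""
    entry = table.get(account)
    if entry is None:
        return None
    expected = hmac.new(integrity_key,
                        _canonical(account, entry["public_key"], entry["rights"]),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, entry["tag"]):
        return None
    return entry["public_key"], entry["rights"]


def demo() -> bool:
    """Build a constructed two-account table and try three tampering moves."""
    alice_key = b"\x01" * 32  # constructed stand-in for a raw public key
    bob_key = b"\x02" * 32
    table = {
        "alice": make_entry("alice", alice_key, ["view", "transfer"]),
        "bob": make_entry("bob", bob_key, ["view"]),
    }
    honest_ok = lookup_key(table, "alice") == (alice_key, ["view", "transfer"])

    # 1. Replace bob's public key with an attacker's key: tag no longer matches.
    swapped = dict(table)
    swapped["bob"] = dict(table["bob"], public_key=b"\x03" * 32)
    swap_detected = lookup_key(swapped, "bob") is None

    # 2. Copy alice's intact entry (valid tag) under bob's name: detected
    #    because the account name is inside the MAC input.
    moved = dict(table)
    moved["bob"] = table["alice"]
    move_detected = lookup_key(moved, "bob") is None

    # 3. Leave bob's key alone but widen his rights: detected.
    escalated = dict(table)
    escalated["bob"] = dict(table["bob"], rights=["view", "transfer"])
    escalation_detected = lookup_key(escalated, "bob") is None

    return honest_ok and swap_detected and move_detected and escalation_detected


if __name__ == "__main__":
    print("all checks passed" if demo() else "a check failed")
```

This works only because one party controls the table, the integrity key and the verifier, which is exactly the closed-system case in the quoted text. It offers nothing toward the trust hierarchies Frank mentions: a MAC is checkable only by the holder of the secret, whereas a certificate carries the same binding in a signed object that any relying party holding the issuer's public key can verify, and chains of such objects are what a hierarchy is built from.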