From: Brad Templeton (brad@templetons.com)
Date: Fri Oct 12 2001 - 15:48:26 CDT
On Fri, Oct 12, 2001 at 03:36:25PM -0400, J.B. Moreno wrote:
> On 10/12/01 2:17 PM, Brad Templeton at <brad@templetons.com> wrote:
>
> > One of the key factors to this debate is you believe there is complexity
> > to a certificate system which does not exist in manual files.
>
> How hard do you think it would be to do a trial implementation? To add it
> to one of the servers (Cnews, INN) and to issue the certificates to the
> members of this list and see how things work in real life?
>
There is a reference implementation of an RFC2704 certificate library
available at http://www.cis.upenn.edu/~keynote/
As a reference implementation, from what I last recall it lacks performance.
(Though word is that may have changed as the man pages now say it's
efficient enough for high performance real time apps!)
Keynote does a lot more than we actually need, because it is
a general solution, which might make people here resist it, because they
think even a basic system for USENET goes too far... But it has the
advantage of being an accepted RFC with a working implementation
in use in both Apache-SSL and the OpenBSD ipsec implementation.
Its syntax is also effectively like a USENET header, so to embed it in
a USENET header you would have to encapsulate it or do a mapping on the
syntax. (The latter is preferred as the syntax is bulkier than we might
want.)
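
The encapsulation option mentioned above, as an added example that is not part of the original message or of the KeyNote distribution: an RFC 2704 assertion pasted raw into an article is read as extra headers, while a base64-folded copy stays a single header. The header name `X-KeyNote-Assertion`, the sample assertion and the article headers are constructed for illustration; the syntax mapping the message prefers is not shown.

```python
import base64

HEADER = "X-KeyNote-Assertion"  # hypothetical header name, not from any spec

# Constructed sample in RFC 2704 field layout; the key is a placeholder.
ASSERTION = (
    'KeyNote-Version: 2\n'
    'Authorizer: "POLICY"\n'
    'Licensees: "PLACEHOLDER-KEY"\n'
    'Conditions: app_domain == "usenet" &&\n'
    '    newsgroup == "example.test" -> "true";\n'
)

# Constructed article headers.
ARTICLE = "From: poster@example.invalid\nNewsgroups: example.test\n"


def parse_headers(block):
    """Minimal RFC 822-style parse: 'Name: value'; whitespace-led lines continue."""
    headers = []
    for line in block.splitlines():
        if line[:1] in (" ", "\t") and headers:
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        else:
            name, _, value = line.partition(":")
            headers.append((name, value.strip()))
    return headers


def encapsulate(assertion, width=64):
    """Base64 the assertion and fold it into one header with continuation lines."""
    b64 = base64.b64encode(assertion.encode("utf-8")).decode("ascii")
    chunks = [b64[i:i + width] for i in range(0, len(b64), width)]
    return HEADER + ": " + "\n\t".join(chunks) + "\n"


def extract(article_headers):
    """Recover the original assertion text from the folded header, if present."""
    for name, value in parse_headers(article_headers):
        if name == HEADER:
            return base64.b64decode(value.replace(" ", "")).decode("utf-8")
    return None


if __name__ == "__main__":
    # Raw embedding: the assertion's fields show up as article headers.
    print([n for n, _ in parse_headers(ARTICLE + ASSERTION)])
    # Encapsulated: one extra header, and the assertion round-trips intact.
    print([n for n, _ in parse_headers(ARTICLE + encapsulate(ASSERTION))])
    print(extract(ARTICLE + encapsulate(ASSERTION)) == ASSERTION)
```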