ianG <iang(_at_)iang(_dot_)org> writes:
On 15/04/2015 22:01 pm, Jon Callas wrote:
When 2440 started, there was an agreement with the Security Area that
OpenPGP would not be a "PKI" (whatever the heck that means), because
there was already a PKI, namely PKIX.
I don't suppose it would have made much difference to us in OpenPGP, but
it's nice to know how deep the rot ran at IETF.
It went the other way as well. When I proposed in PKIX allowing users to
manage their own certificates rather than having to go to a CA to get them
issued and replaced:
https://www.cs.auckland.ac.nz/~pgut001/pubs/autonomous.txt
the response from the PKIX chair was "we're not going to turn X.509 into
PGP", and that was the end of it.
The response to a proposal to replace the totally nonfunctional CRL blacklist
approach used by X.509 with a whitelist mechanism was even worse, amounting
to near-hysteria in some cases when I tried to push the issue (I've got some
of the emails saved somewhere, some of them came just short of saying "burn
the heretic!").
Peter.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp