pem-dev

Re: DNs, boomerangs, and other Revealed Truths

1995-01-26 20:17:00
This is a short reply to Bob's previous message.  I'll compose a longer 
one later if I find some time.  The boss wants his coroutines module and
he wants it last month ... :-)

I can certainly see Bob's point that X.500 is capable of storing user
certificates.  It is even capable of searching by e-mail address if you
suitably bend it out of shape (there's an RFC on the correct way to bend
it out of shape).  I've never questioned that X.500 can do it, but rather
whether X.500 _should_ do it.

I don't react well to theoretical arguments of a system's capability.  To
convince me of X.500's worth in storing certificates, Bob or Warwick or
someone will have to produce the following:

    (a) Example C source code for linking into my application which will
        search for and retrieve a certificate based on at least the e-mail
        address.  Other search criteria are a bonus.  LDAP is probably the
        best protocol to use for this, but anything else that is simple
        and works over TCP/IP will be fine.  Don't worry about users without
        TCP/IP just yet: we'll worry about gateways afterwards.
    (b) Source code for a TCP/IP based X.500 server that I can install right
        now and have my name and certificate set up in under one day and have
        it made available to the rest of the world in under a week.  Note:
        I don't want to put my key on GTE's server, Bob.  I want to put it
        on _my_ server, under my own local administration policies.
    (c) Source code for a CA user interface for the X.500 server.  That is,
        a program which would allow the person running a CA to perform
        general housekeeping tasks, sign keys, issue CRLs, etc.
    (d) Source code for the act of a user sending their key to a CA to have
        it signed.  Note: I want a TCP/IP protocol for this.  Not some
        grungy e-mail interface.

Maybe this stuff exists.  URLs please.  But don't expect me to write it
without someone else's code to look at to see if I'm doing it right.  The
day I can get a program from you, type in an e-mail address, and it returns
me a certificate is the day I'll be dancing in the streets about X.500.

Put it this way, Bob: "Put your money where your mouth is and show us that
it can work.  Stop theorising."  Sure, there are some tough problems as to
what search criteria to use, but if you focus too hard on them, you won't
get anywhere.  Do something simple first, write the code for it, and then
start adding extra bits and pieces later.

In any case, I stand by my assertion that using X.500 or whois or whatever
to do certificate management is not the best option.  It has nothing to do
with search criteria or e-mail addresses or hatred of X.500 or whatever.
It has to do with security.  The CA management tasks alluded to in (c)
and (d) require quite a lot of thought of how to do them right to prevent
spoofing.  Instead of bolting this onto an already complex directory system,
I suggest using a simpler protocol which is easier to verify secure and is
not dependent on a single view of the "find a user" problem.

Maybe what I should do is design a protocol and post it here as a draft.
Then Bob, you are free to point out whether X.500 is capable of what I
think we need to make CAs truly viable within a finite timeframe.

Cheers,

Rhys.
-- 
Rhys Weatherley, Queensland University of Technology, Brisbane, Australia.
E-mail: rhys(_at_)fit(_dot_)qut(_dot_)edu(_dot_)au  "net.maturity is knowing 
when NOT to followup"
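An added, offline illustration of the lookup asked for in item (a) above: given an e-mail address, find the directory entry and hand back its certificate. This is example code written for this archive page, not code from the thread, from GTE, or from any X.500/LDAP implementation. It assumes an LDIF export (a text dump of directory entries) standing in for a live LDAP server, and the conventional LDAP attribute names `mail` and `userCertificate;binary`; the directory contents and the tiny DER blob are constructed sample data.

```python
"""Offline model of request (a): retrieve a user's certificate by e-mail address.

Constructed example, not code from the pem-dev thread.  An LDIF export replaces
the live directory (assumption), and the attribute names `mail` and
`userCertificate;binary` are the usual LDAP ones (also assumed here).
"""
import base64
from typing import Dict, List, Optional, Union

Value = Union[str, bytes]
Entry = Dict[str, List[Value]]

# Constructed LDIF export of a tiny directory.  Alice's certificate is a
# placeholder DER blob (SEQUENCE { INTEGER 1 }), split across a folded line
# to exercise LDIF continuation handling.  Bob has two addresses and no cert.
SAMPLE_LDIF = """\
dn: cn=Alice Example,o=Example Org,c=AU
objectClass: person
cn: Alice Example
mail: alice@example.com
userCertificate;binary:: MAMC
 AQE=

dn: cn=Bob Example,o=Example Org,c=AU
objectClass: person
cn: Bob Example
mail: bob@example.com
mail: robert@example.com
"""


def _unfold(text: str) -> List[str]:
    """Join LDIF continuation lines: a line starting with one space extends the previous one."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_ldif(text: str) -> List[Entry]:
    """Parse LDIF into a list of entries; attribute names are lower-cased (LDAP treats them case-insensitively)."""
    entries: List[Entry] = []
    current: Entry = {}
    for line in _unfold(text) + [""]:      # trailing "" flushes the last entry
        if line == "":
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        name, sep, rest = line.partition(":")
        if not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        if rest.startswith(":"):            # "attr:: <base64>" carries binary data
            value: Value = base64.b64decode(rest[1:].strip(), validate=True)
        else:                               # "attr: <plain text>"
            value = rest.strip()
        current.setdefault(name.lower(), []).append(value)
    return entries


def looks_like_der_sequence(der: bytes) -> bool:
    """Cheap sanity check: outer tag is SEQUENCE (0x30) and the declared length spans the blob."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:
        length, hdr = first, 2
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        length, hdr = int.from_bytes(der[2:2 + n], "big"), 2 + n
    return hdr + length == len(der)


def find_certificate_by_mail(entries: List[Entry], email: str) -> Optional[bytes]:
    """Return the DER certificate of the single entry whose `mail` matches, or None.

    Whole-address comparison is case-insensitive (a simplification; strictly
    only the domain part is).  Two entries claiming the same address are
    reported as an error instead of silently picking one, so the caller
    notices a duplicate rather than trusting whichever came first.
    """
    wanted = email.strip().lower()
    matches = [e for e in entries
               if any(isinstance(v, str) and v.lower() == wanted for v in e.get("mail", []))]
    if len(matches) > 1:
        raise LookupError(f"{len(matches)} directory entries claim {email!r}")
    if not matches:
        return None
    certs = matches[0].get("usercertificate;binary", [])
    if not certs:
        return None
    der = certs[0]
    if not isinstance(der, bytes) or not looks_like_der_sequence(der):
        raise ValueError("userCertificate;binary is not a DER SEQUENCE")
    return der


if __name__ == "__main__":
    directory = parse_ldif(SAMPLE_LDIF)
    cert = find_certificate_by_mail(directory, "alice@example.com")
    print("alice@example.com ->", cert.hex() if cert else "no certificate")
```

The returned bytes are what a real client would then hand to its certificate parser and chain validator; the DER sanity check here only guards against a directory handing back something that is not a certificate at all, and the duplicate-entry error is where a "find a user" step stops being a pure lookup and starts needing the policy the message argues about.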
