Phillip Hallam-Baker <phill(_at_)hallambaker(_dot_)com> writes:

> Looking forward, I want to eventually get to one PKI which combines
> Web of Trust and Hierarchical concepts. I think I can demonstrate
> mathematically that it is possible to achieve a higher work factor
> that way than with either approach on its own. There are use cases
> that I cannot satisfy with one or the other.

I'll note you can do that, today, with OpenPGP. You run a CA -- start
signing OpenPGP keys with your CA Key. Boom. You're done.

> There are some features of a new PKI that I think are fairly obvious.
> It is clear for example that the energy will come from the OpenPGP
> world. It is also clear that ASN.1 is as popular as a dose of ebola
> and there must be no new ASN.1.
>
> But if we do have to do a lot of new stuff, I want to go to JSON
> rather than trying to muck about trying to extend the 1990s style
> structures.

I don't see what "new stuff" really needs to be done.

Seriously, please tell me what (other than Name Constraints) OpenPGP is
missing in order to support your concept of a PKI? (And I'll note that
even NC can be done in OpenPGP via notations)
-derek
--
Derek Atkins 617-623-3745
derek(_at_)ihtfp(_dot_)com www.ihtfp.com
Computer and Internet Security Consultant