
Re: Time to dump X.400 support?

2013-09-24 14:20:34

Phill,

On 09/24/2013 05:25 PM, Phillip Hallam-Baker wrote:
> Looking at the extreme breach of trust by US govt re PRISM, I think it is
> time to do something we should have done decades ago but were stopped at US
> Govt request.
>
> Let's kill all support for X.400 mail.
>
> This is still in use, I know. But looking through the PKIX spec the schema
> is ten pages long. I count seven pages of garbage that we could kill if we
> abandoned support for X.400, garbage character sets no longer needed, bogus
> time formats, etc. etc.
>
> Certificates do not need to be as complicated as X.509v3 made them. To work
> with certificates issued for the Internet, an application needs to support
> only 20% of the PKIX schema at most.

Sure, if we went back to the late 1990s that'd have been worth doing.
And sure, if we re-invent RFC 5280 public key certs we can not include
some stuff. Not that I see much benefit in re-inventing 5280 PKCs as a
thing to do in and of itself. (And of course DANE includes hardly any
ASN.1 nonsense if you pick the right options so we already have an
option without that baggage.)

But I see no benefit in messing around with RFC 5280 at this stage for
fun. (I said the same to the ITU-T person who seems to want to do that
with their X.509 spec the other day when the topic came up on wpkops.)

So -1 to that kind of change unless there's a much better reason.

S.



