On Tue, Sep 24, 2013 at 5:25 PM, Phillip Hallam-Baker <hallam(_at_)gmail(_dot_)com> wrote:

> Looking at the extreme breach of trust by US govt re PRISM, I think it is
> time to do something we should have done decades ago but were stopped at US
> Govt request.
>
> Let's kill all support for X.400 mail.

Actually, as far as I'm aware, the US and UK government uses of X.400 are
being phased out fairly rapidly, so they'd probably support trimming out
most of the support from PKIX too.

> This is still in use, I know. But looking through the PKIX spec the schema
> is ten pages long. I count seven pages of garbage that we could kill if we
> abandoned support for X.400, garbage character sets no longer needed, bogus
> time formats, etc. etc.
>
> Certificates do not need to be as complicated as X.509v3 made them. To
> work with certificates issued for the Internet, an application needs to
> support only 20% of the PKIX schema at most.

I'd be interested to see a more concrete proposal. I would offer my
apps-oriented viewpoint in the work, too.
Dave.