pem-dev

Cross-mailing list info on X500 usage.

1993-08-16 10:51:00
There is currently a thread on X.500 going on in the iso mailing list, which
seems to mirror/track the sentiments about X.500 on pem-dev.

Pete.
Forwarded message:
From ic-postmaster-request(_at_)ic(_dot_)ac(_dot_)uk  Mon Aug 16 18:46:18 1993
Message-Id: <9308161601(_dot_)AA14695(_at_)nic(_dot_)ddn(_dot_)mil>
To: iso(_at_)nic(_dot_)ddn(_dot_)mil
Subject: Re: What is X.500 used for?
In-Reply-To: Your message of "13 Aug 93 00:02:31 GMT." <CBo848(_dot_)DoC(_at_)raistlin(_dot_)udev(_dot_)cdc(_dot_)com>
Date: Mon, 16 Aug 93 16:51:56 +0100
From: Peter Williams <P(_dot_)Williams(_at_)cs(_dot_)ucl(_dot_)ac(_dot_)uk>
Sender: iso-request(_at_)cs(_dot_)ucl(_dot_)ac(_dot_)uk



Dave, some feedback for discussion from the security field of X.500 use:

   >In article <jo0dbti(_at_)twilight(_dot_)wpd(_dot_)sgi(_dot_)com>, dcrocker(_at_)udel(_dot_)asd(_dot_)sgi(_dot_)com (Dave Crocker) writes:

   >|> With luck, someone will respond to this note with a detailed description
   >|> that shows I'm wrong...
   >|> 
   >|> d/
   >

We are currently using a multi-vendor, multi-implementation,
multi-protocol, multi-transport-community, multi-link, multi-physical
X.500 deployment to support our IETF PEM multi-etc. implementation;
this usage is growing as fast as we can make it happen.  Current size
is a small subset of the number of PEM users. The PEM RFC track is
about as old as 1984-1988 X.500 study-track; the problems of deploying
person-services are so hard, really! The technology of each is at least
10 years old, mind.

We make a "minimal" direct use of X.500 potential, mapping generalized
"names" onto "distinguished names". This function is vital to the
scalability and usability of any user software which also purports to
offer secure authentication, at known assurance, in a non-research,
commercial Internet environment of many mutually suspicious key
centers. I.e. the commercial-FIX providers and their customers. People
do use other usable solutions for such secure mappings - i.e. local
X.500 simulations!  Other implementations just offer no measurable
security - by not addressing the naming issue.

Other X.500 attributes are now used to provide for the effectiveness of
this name retrieval, managing thereby the actual size of the current
distribution and naming of ~1,000,000 entries worldwide. Growth and usage
has been bounded by social influences, not technical issues.

Now, providing that other database technologies do not constrain how
communities form names for themselves, and thereby use the names of
their choice to get on with their way of living, any directory will do
for the purpose of the retrieval of these IETF PEM certificates.

The second use of current X.500 deployment I'd point out is this
"social" use. As the Internet moves towards commercial quality
standards, in which providers assume liability for their acts and their
failures, those who are piloting information services are hitting big
commercial snags - like "data protection" legislation, and personal
privacy, and control of resource abuse, down-time, failure rates... The
X.500 pseudo-service is helping pioneer into reality the new age of
massively distributed, but connected, PRMD information services, by
dealing with these issues. A lot of academics and lawyers are now
"using" X.500! Data Protection legislation is probably the biggest
brake on X.500 deployment and exploitation, at the moment.

What is Prospero (apart from Cliff Neuman's security brainchild)? What
uses are to be made of _it_, in any non-military field?



