Re: Re: Re: Naming and other hard problems

Carl, 

Please forgive me from posting your private reply to me to pem-dev, but one
of your points was important.
------------------------------
Bob,

In the meantime, early adoptors of this brave new world need not be
slowed down at all by such discussions. PEM is out there and can be
used, if perhaps not for legally binding purposes as yet (ask your
lawyer). No one is stopping you from using it, and I haven't heard any 
of the designers or implementors tearing their hair out because
of the possibillity of changes in some version 1.1.


I know.  My frustration came from the delay in getting PEM adopted as
compared to RIPEM or PGP.  Stratus still doesn't use it -- because of the
naming hierarchy requirement (specifically, because it would take corporate
action rather than individual action).  However, I've been using RIPEM with
no ill effect.

Perhaps I just need to be a little patient.  Still, I would much rather PEM
hadn't tied its carriage to the naming hierarchy.  A more general
certification scheme is almost certainly needed anyway and once that's
developed, the PEM certification trees might become useless.

Anyway -- we've spent probably too many bits on this annual peep from me.
Thanks for the thoughtful response.

 - Carl
-----------------------------------

I suspect that I understand waht you are referring to, but I think it would be
quite useful to have someone else put this issue on the table. Unless you think
it would harm rather then help the overall cause, would you please describe
exactly what steps you have taken to get the use of PEM approved for use
within Stratus, and what obstacles were encountered in doing so?

Are you using RIPEM as a residential person, or as an organizational person?
What does your certificate contain in terms of a name, and who certified you?

I'm not sure that I understand your second point. Looking at the effort 
undertaken
by Mitre with the sponsorship of NIST, I would say that we are heading in 
basically
the right direction. The IPRA might or might not go away and be replaced by some
other Top Level Certification Authority, but I think the PCA structure will 
probably
stand up. In fact, the notion of a PCA and a PCA policy was one of the most 
important
contributions coming from the PEM effort, vs. the X.509 structure.

Bob

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Naming and other hard problems, Matthew McGillis Re: Naming and other hard problems, jueneman%wotan Re: Naming and other hard problems, Carl_Ellison Re: Naming and other hard problems, Steve Kent Re: Naming and other hard problems, Carl_Ellison Re: Naming and other hard problems, Steve Kent Re: Naming and other hard problems, Carl Ellison Re: Re: Naming and other hard problems, jueneman%wotan Re: Re: Naming and other hard problems, Carl Ellison Re: Re: Re: Naming and other hard problems, jueneman%wotan <= Re: Naming and other hard problems, Peter Williams Re: Naming and other hard problems, Richard . Ankney

Previous by Date:	Re: Lawyers and evidence, jueneman%wotan
Next by Date:	Re: Lawyers and evidence, jueneman%wotan
Previous by Thread:	Re: Re: Naming and other hard problems, Carl Ellison
Next by Thread:	Re: Naming and other hard problems, Peter Williams
Indexes:	[Date] [Thread] [Top] [All Lists]