If you wish a list of the impediments (I won't call them
defects, because they are limitations imposed by the RFCs),
I would suggest that you go back and read the last month's
worth of mail from people like Steve Crocker, Anish
Bahrani, Rhys Whetherby, and others who are complaining
that PEM is hard to deploy.
While I am generally supportive of a desire to be able to put more stuff in
certificates, I don't believe any action there would make PEM easier to deploy.
In fact, by introducing incompatibilities with existing deployed implementations,
it would make it harder. There's a good argument to be made that we should stop
changing it because continued tweaking may well slow down deployment enough to
kill it.
In my opinion, the things that are slowing deployment are:
1) Lack of aggressively marketed commercial implementations (where people pay
real money, get at least minimal support, and someone is motivated to "sell"
it). This affects the mass market more than this community.
2) The tie to X.500 names. With 20/20 hindsight, I think this was a big
mistake. We thought we could take advantage of a certificate infrastructure
that someone else would have already paid for and installed; then we thought
we could be leaders and people would be willing to put up with some pain because
the certificates would be useful for other things. While dreams persist that
the certificates deployed by PEM will be useful in other contexts, those dreams
are now sufficiently distant that I don't think anyone will deploy them unless
they are justified solely by the utility of PEM. The price we pay is that to
deploy PEM, you need an X.500 name, and while that might not in theory be
difficult, it is at least a source of confusion and a psychological hurdle.
If we had life to live over, I would advocate using internet mailbox names
(or things that look like internet mailbox names) as the basis for
authentication instead of X.500 names. Clearly, many members of this
community disagree with me (probably a majority). And even I believe that
it's too late to switch (at least in an abrupt manner). Some people clearly
think we should (probably a minority).
3) The practical difficulties in getting linked into the CA hierarchy.
This is caused in part by the "top-down centric" view in the design
coupled with our appalling inability to actually deploy an ICA and a
casual-use-appropriate PCA.
4) Continuing uncertainty over integration with MIME.
5) Psychological barriers caused by the mystique of cryptography, export
controls, and lawyers; coupled with perfectionism inherent in the desire
to get the certificate infrastructure right the first time for fear we
won't get another chance.
Changing certificates is a small part of (5), and I believe efforts there
are more likely to hurt than to help. You can never actually make a
lawyer happy. I believe our efforts are much better spent concentrating
on (3) and (4) as a group and hopefully (1) in private.
--Charlie
(kaufman(_at_)zk3(_dot_)dec(_dot_)com)