Bob,
It almost appears you didn't read my message. You responded to the
initial statement (kind of) and the final one. However, you totally
skipped the middle. Without repeating the entire message (which I
intentionally kept off the list due to its length) let me restate it:
The problem with tying all of the attributes you suggest into the X.509
certificate is that it precludes the more likely desire of users to retain
a more atomic control over them. Hence, the disclaimer could be
signed by one agency while the email address could be signed by
another, etc. (In fact, if a user wishes to include their internet
mail address, they may do so within a (possibly signed) message; forget
the certificate.) If I change my email address the certificate must
be CRL'd and a new one issued to reflect it. Even more importantly,
if I use two addresses I must have two X.509 certificates to avoid
confusing people (something I DEFINITELY don't want to do at $$ per).
My advice to you is to try to do a paradigm shift. Put aside your
belief that the X.509/PEM architecture is all (somewhat) wrong for a
moment. Then start constructing scenarios (i.e., models of
communication) and solving them within the limitations imposed. I
have found little if anything I couldn't do or for which the
complexity and/or performance was untenable. In the many messages you
have sent to pem-dev I haven't seen any examples, either.
Finally, I don't think PEM deployment is so far off. I know of a
number of real world applications where it is being actively
investigated as a (very large scale) solution.
Jeff Kimmelman
BBN Network Security Department
------------------------------
| Phone: (617) 873-2679
| Internet: jkimmelman@bbn.com
| US Mail: 150 CambridgePark Drive, Cambridge, MA 02140
------------------------------
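The mechanics behind the address-change argument above, as an added example that is not part of the original message or of the PEM work it refers to: a throwaway issuing agency binds one mail address into a user certificate as an rfc822Name in subjectAltName, the recipient's check insists the From: address be one the certificate binds, and when the address changes the only recourse is to put the old certificate on a CRL and issue a new one. The agency name, the user name and the two addresses (juser@old.example, juser@new.example) are constructed sample data; the code uses only Go's standard crypto/x509 package.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// must keeps the example short: any setup failure aborts the run.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// agency is a throwaway issuing authority built in memory for the example:
// a self-signed root, its key, and a serial-number counter.
type agency struct {
	cert   *x509.Certificate
	key    *ecdsa.PrivateKey
	serial int64
}

func newAgency() *agency {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Issuing Agency"}, // constructed
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return &agency{cert: must(x509.ParseCertificate(der)), key: key, serial: 1}
}

// issue binds one mail address into the certificate (rfc822Name in
// subjectAltName); any change of address therefore needs a new certificate.
func (a *agency) issue(cn, email string) *x509.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	a.serial++
	tmpl := &x509.Certificate{
		SerialNumber:   big.NewInt(a.serial),
		Subject:        pkix.Name{CommonName: cn},
		EmailAddresses: []string{email},
		NotBefore:      time.Now().Add(-time.Hour),
		NotAfter:       time.Now().Add(24 * time.Hour),
		KeyUsage:       x509.KeyUsageDigitalSignature,
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, a.cert, &key.PublicKey, a.key))
	return must(x509.ParseCertificate(der))
}

// crl signs a revocation list naming the given certificates (none is fine).
func (a *agency) crl(number int64, revoked ...*x509.Certificate) *x509.RevocationList {
	now := time.Now()
	var entries []pkix.RevokedCertificate
	for _, r := range revoked {
		entries = append(entries, pkix.RevokedCertificate{SerialNumber: r.SerialNumber, RevocationTime: now})
	}
	tmpl := &x509.RevocationList{
		Number: big.NewInt(number), ThisUpdate: now, NextUpdate: now.Add(time.Hour),
		RevokedCertificates: entries,
	}
	list := must(x509.ParseRevocationList(must(x509.CreateRevocationList(rand.Reader, tmpl, a.cert, a.key))))
	if err := list.CheckSignatureFrom(a.cert); err != nil {
		panic(err)
	}
	return list
}

// acceptSigner is the recipient's check when the address lives in the
// certificate: it chains to the agency, is not on the current CRL, and
// the From: address is one the certificate actually binds.
func acceptSigner(issuer *x509.Certificate, crl *x509.RevocationList, cert *x509.Certificate, from string) error {
	roots := x509.NewCertPool()
	roots.AddCert(issuer)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return err
	}
	for _, r := range crl.RevokedCertificates {
		if r.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return fmt.Errorf("certificate %v is on the CRL", cert.SerialNumber)
		}
	}
	for _, e := range cert.EmailAddresses {
		if e == from {
			return nil
		}
	}
	return fmt.Errorf("address %q is not bound in the certificate", from)
}

// Outcome records the recipient's decision at each step of an address change.
type Outcome struct {
	OldAddressAccepted bool // old cert used with the address it binds
	NewAddressRejected bool // old cert used with an address it does not bind
	RevokedRejected    bool // old cert after the agency puts it on the CRL
	ReissuedAccepted   bool // fresh cert bound to the new address
}

// Scenario walks one user through a change of mail address under
// certificate-bound attributes. All names and addresses are constructed.
func Scenario() Outcome {
	ag := newAgency()
	old := ag.issue("J. User", "juser@old.example")
	crl1 := ag.crl(1) // nothing revoked yet
	var o Outcome
	o.OldAddressAccepted = acceptSigner(ag.cert, crl1, old, "juser@old.example") == nil
	o.NewAddressRejected = acceptSigner(ag.cert, crl1, old, "juser@new.example") != nil
	// The address changes: the only way to reflect it is CRL plus reissue.
	crl2 := ag.crl(2, old)
	o.RevokedRejected = acceptSigner(ag.cert, crl2, old, "juser@old.example") != nil
	fresh := ag.issue("J. User", "juser@new.example")
	o.ReissuedAccepted = acceptSigner(ag.cert, crl2, fresh, "juser@new.example") == nil
	return o
}

func main() {
	fmt.Printf("%+v\n", Scenario())
}
```

Run with `go run .`; all four fields of the printed Outcome come out true. The second address fails only because the recipient's rule ties acceptance to what the certificate binds; carrying the address in the signed message instead, as the message above suggests, would remove that step and the CRL round-trip with it.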