I'm having a great deal of trouble understanding the problem you're
trying to describe. As someone who has implemented both RFC 1421 and
PEM/MIME I had no trouble with what I understand to be your problem
(which could be wrong, of course). Let me try to describe what I
perceive to be your problem so I can test my understanding.
The problem is simple. The issuer name and serial number (in the old
RFCs) are integral to the public key trust mechanism, the certificate.
There is a one-to-one correspondence. I can always derive the issuer
name and serial number from a certificate whether I got your
certificate from you, from a friend, from my system administrator, a
mail message to a distribution list, an X.500 server or anywhere else.
The same is true for the public key (or even a hash of the public key
for those who are concerned with bandwidth). There is considerable
simplicity and elegance in the idea that the "selector" field for my
database simply CAN NOT get out of sync with the actual keys in the
database. That goes for the keys of my communicants (for outgoing
mail) as well as my own keys (for incoming mail). End of story.
It is not at all compelling to me to hear how easy it was for you to
add this to your reference implementation. Of course it's easy !!! Of
course it's interoperable !!! You wrote it !! Now explain to me what
my application is supposed to do when someone encrypts a message with
my public key with a key selector I've never seen before. This is
just one example of an out-of-sync condition. For n different
identifiers there are about n squared of these conditions to deal
with. None of this is addressed in the current spec and to do so may
take more pages than the existing text !!
My proposal is to settle on one identifier. Let's make it work.
Let's make it interoperate. Now !! Nothing will stop us from making
it better later. I tend to agree with Dave Crocker's repeated pleas,
we're very late. Anything, ANYTHING we can do to speed implementation
must be given consideration at this point.
Dare to be simple. It goes a long way !!!
Holiday cheers,
Steve Dusse
RSA
p.s. Please forgive the frustrated tone. I'm actually very pleased
that there is discussion after so long a silence.
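The selector mechanism the message argues for, as an added example that is not part of the original message and not RFC 1421 or PEM/MIME reference code: the tiny DER encoder/decoder, the sample certificate (placeholder key bytes, all-zero signature), and the names `KeyDatabase`, `selector_from_cert` and `decrypt_key_for` are all constructed here for illustration. It derives the issuer name and serial number from the certificate itself, uses that pair as the only key-database selector, and shows how a lookup fails cleanly when an incoming message carries a selector that was never derived from any certificate in the database.

```python
"""Key-database selector derived from a certificate (issuer name + serial number),
with the "selector I've never seen before" case handled by a plain miss.
Added example: the DER helpers and sample certificate are constructed here."""
import hashlib


# --- minimal DER encoding (constructed for this example, not a full ASN.1 library) ---
def der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def der(tag, content):
    return bytes([tag]) + der_len(len(content)) + content


def der_int(n):
    # Non-negative INTEGER; the extra byte keeps the sign bit clear when needed.
    return der(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big"))


def der_name(cn):
    # Name ::= SEQUENCE OF RDN; one RDN holding commonName (OID 2.5.4.3) as PrintableString.
    attr = der(0x30, der(0x06, b"\x55\x04\x03") + der(0x13, cn.encode("ascii")))
    return der(0x30, der(0x31, attr))


def build_cert(issuer_cn, serial, subject_cn, pubkey):
    # Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    # Placeholder key bytes and an all-zero signature: structure only, nothing is signed.
    alg = der(0x30, der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"))  # sha256WithRSAEncryption
    validity = der(0x30, der(0x17, b"240101000000Z") + der(0x17, b"250101000000Z"))
    spki = der(0x30, alg + der(0x03, b"\x00" + pubkey))
    tbs = der(0x30, der_int(serial) + alg + der_name(issuer_cn) + validity + der_name(subject_cn) + spki)
    return der(0x30, tbs + alg + der(0x03, b"\x00" * 9))


# --- minimal DER decoding ---
def der_read(buf, pos):
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:  # long-form length
        nbytes = ln & 0x7F
        ln = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + ln], pos + ln


def der_children(content):
    out, pos = [], 0
    while pos < len(content):
        tag, val, pos = der_read(content, pos)
        out.append((tag, val))
    return out


def tbs_fields(cert):
    _, body, _ = der_read(cert, 0)
    fields = der_children(der_children(body)[0][1])
    if fields[0][0] == 0xA0:  # explicit [0] version is absent in v1 certificates
        fields = fields[1:]
    return fields


def selector_from_cert(cert):
    """Issuer name (raw DER, hex) and serial number, both derived from the certificate itself."""
    fields = tbs_fields(cert)
    serial = int.from_bytes(fields[0][1], "big")
    issuer = der(0x30, fields[2][1])  # re-wrap the Name content with its SEQUENCE tag
    return (issuer.hex(), serial)


def key_hash_from_cert(cert):
    """The message's other candidate selector: a hash of the subjectPublicKeyInfo."""
    return hashlib.sha256(der(0x30, tbs_fields(cert)[5][1])).hexdigest()


class KeyDatabase:
    """Private keys indexed only by selectors derived from their certificates."""
    def __init__(self):
        self._by_selector = {}

    def add(self, cert, private_key_handle):
        self._by_selector[selector_from_cert(cert)] = private_key_handle

    def find(self, selector):
        return self._by_selector.get(selector)


def decrypt_key_for(db, recipient_id):
    """recipient_id is the (issuer_hex, serial) pair carried in an incoming message header.
    Returns the private key handle, or None when no certificate in the database matches."""
    return db.find(recipient_id)


def demo():
    my_cert = build_cert("Example CA", 1234, "Steve", b"\x11" * 32)  # constructed sample
    db = KeyDatabase()
    db.add(my_cert, "handle-to-my-private-key")
    good = decrypt_key_for(db, selector_from_cert(my_cert))  # derived from my certificate: found
    stale = decrypt_key_for(db, ("deadbeef", 9999))          # assigned out of band: no match
    return good, stale


if __name__ == "__main__":
    print(demo())
```

Because the selector is recomputed from the certificate on both sides, the database index cannot drift from its contents; the only remaining failure is the one the message names, a selector nobody derived from a certificate, and it surfaces as a clean lookup miss rather than a mismatched key.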