pem-dev

Re: Mandating certificates

1995-01-17 12:32:00
And as a policy issue, I find a number of arguments I've seen go past
recently to be specious.  For example, X.509 is not going to die.  Clearly,
many environments are well served by the PCA/CA framework, and more will
be as CAs come on line, ranging from the RSA Commercial and Unaffiliated
User CAs to the CAs that the U.S. Postal Service is bringing on line.
I fully expect X.509 to become the standard electronic form of identification,
analogous to drivers licenses, check cashing cards, and the like in
physical interchange.  X.509 certainly doesn't somehow "need" our support
in a political sense.  It simply exists, and we need to be able to support
operation in its framework (as the current draft does).

Actually, I am delighted to hear you say that. If I were convinced that were
true beyond any reasonable doubt, I wouldn't be nearly so nervous about
supporting alternative structures such as the bare key option, as I would
suspect their usage would wither and die, and not be a problem. But I very much
doubt that you have a consensus on that point with your co-authors, Ned and Jim
having been extremely dogmatic about the general un-workability of the
certificate structure, the difficulty of getting it started, etc. At least a
year ago I was beginning to have some serious doubts as to whether public-key
cryptography was ever going to get out of the starting blocks, but recently
things are looking up. If you could convince Ned and Jim of your point of view,
perhaps they wouldn't be arguing so hard! :-)

Once again you appear to have a major misunderstanding of my position. Whether
or not this is intentional I cannot tell, but the consistency with which you
attempt to twist things around has finally worn through.

I will once again attempt to correct you on these points, but this will be
the last time.

I am not opposed to certificates. I would not have spent hundreds of hours of
my time working on implementing them if I were opposed to them. (I cannot even
begin to imagine the time and effort Jim and Sandy have put into
certificate-based schemes, so labelling them as opposed to certificates is
nothing short of ludicrous.)

I do not believe that certificates are unworkable. I believe that they are
quite workable. In fact I believe they are essential, and that's why I feel
obliged to support them one way or another.

I have not been dogmatic at all about any of this. My views have in fact been
modified numerous times by many contributors to this discussion, as I have
stated in previous messages. Frequently my views have changed in ways that have
resulted in actual specification changes.

I have also been flexible in acceding to the wishes of various members of this
group, even when I felt that they were in fact completely wrong.

The only person who's being dogmatic here is you, and part of your dogma seems
to be your continued misunderstanding of what we're trying to accomplish.

What I do believe is that the present certs-or-nothing scheme is unworkable in
far too many cases. It raises the point of entry for PEM services to a point
many people cannot reach. This is the problem we're trying to solve.

We need a means of bootstrapping widespread PEM services into existence without
depending on nonexistent infrastructure and forcing people to make selections
and choices that at the outset they lack the knowledge to make, lack the
experience to make, and lack the reason and justification to make. Forcing
people to make choices that result in poor configurations may in fact result in
major security problems.

We do this in MIME/PEM by providing non-cert-based services based on existing
infrastructure that people can easily set up and use. Once this is in place and
people are basically familiar with the services (and this is a major step for
most people) the general utility of certs will become apparent. If it doesn't,
either we haven't done our job properly or else we have incorrectly assessed
the utility of certs from the outset.

And once people realize what certs bring to the table they can upgrade their
configurations without installing any new facilities. They can do this slowly
but surely and without breaking any existing applications. The serious ones
that seek widespread deployment of these services and who wish to minimize
their long-term management headaches will inevitably cut over to pure
cert-based service.

The only alternative that has been presented is to use self-signed
certificates. But there are two major problems with self-signed certificates:

(1) All you get rid of is some of the infrastructure requirement, so the
    resulting point of entry is still far too high.

(2) Use of self-signed certificates makes the actual benefits of certificates
    very confusing. In the present MIME/PEM scheme certificates and their
    associated infrastructure clearly provide a quality of service that non-cert
    schemes do not, and allow implementation of policies that non-cert
    schemes cannot support. But if you use certs to provide the lower level of
    service people will not be clear on what the benefits of certificates
    really are.

Ned's recent discussion and understanding of distinguished names is so far
apart from my own, and I think most of the rest of this WG, that I really
wonder how we got this far along in the discussion. It would seem that we have
been on separate planets.

You seem to have the option of living in the clouds. I do not. I have to have
something here that not only can I implement and sell, but that people can
actually set up and use. It is the latter that I worry about.

That's the only difference in locale that I see here.

Let me also say that I think there is an excellent chance that MIME/PEM will
fail, although for none of the reasons you have ever mentioned. For one thing,
we are very very late in this endeavour. There are already other formidable
players in this game that we have to confront, and there is no clear indication
that we will win. And for another, it is not beyond possibility that I am wrong
in my assessment that certificates as currently specified are an essential
service that people really need. If they aren't this whole effort is going
to die.

However, although I might disagree with him from time to time, Ned is
obviously no dummy, and I will take the time to read what he has said carefully
and try to respond equally carefully. Hopefully one of us will end up educating
the other, or perhaps both of us will learn something. I will say that if those
are his perceptions as to what a distinguished name ought to look like, no
wonder he has trouble building a certificate structure! I don't think I could
either, given his self-imposed constraints.

This message is the final straw for me. Your continued misunderstanding and
misrepresentation of my position, despite a multitude of attempts on my part to
correct you on literally scores of points, leads me to the unfortunate
conclusion that this entire discussion has been completely pointless. You
have brought it full circle, and are now ascribing to me the same incorrect
set of beliefs that we started with. Having come full circle, I see no reason
to continue.

                                Ned
