On 2 Mar 2021, at 02:18, Michael Thomas <mike@xxxxxxxx> wrote: > The combination of ASN.1 and X.509 has done irreparable harm to identity on the internet. X.509 provides exactly one benefit: the ability to verify offline that almost nobody cares about anymore. Actually - to provide a counter point - with the current Covid-19 response effort - the fact that we have X.509 (and CMS, pkcs7/10) and can do off-line verification is proving to be a great asset. As it allows for verification of signatures without the need for the verifier to instantly disclose to world+dog what they are doing. And this is in addition to the ability of any app to set up trusted connections based on cached/offline data. So I would not discount this aspect too quickly. Dw
