On 2 Mar 2021, at 19:19, Michael Thomas <mike@xxxxxxxx> wrote:
On 3/2/21 12:33 AM, Dirk-Willem van Gulik wrote: On 2 Mar 2021, at 02:18, Michael Thomas <mike@xxxxxxxx> wrote:
The combination of ASN.1 and X.509 has done irreparable harm to identity on the internet. X.509 provides exactly one benefit: the ability to verify offline that almost nobody cares about anymore.
Actually - to provide a counter point - with the current Covid-19 response effort - the fact that we have X.509 (and CMS, pkcs7/10) and can do off-line verification is proving to be a great asset. As it allows for verification of signatures without the need for the verifier to instantly disclose to world+dog what they are doing. And this is in addition to the ability of any app to set up trusted connections based on cached/offline data. So I would not discount this aspect too quickly.
Er, how so? And what does it have to do with the covids? And once you rely on online crl's, it's all the same.
Purely as an example - that, even in this time of the internet - the `ability to verify offline' is something one may care about - in this particular case -- to verify a X.509 in the field, entirely off-line and without any communication. If you need to do OCSP or CRL's - then obviously a CRL may be a better idea if you are trying to minimise the surveillance options.
Dw
|
