On Thu, Mar 4, 2021 at 4:35 AM Jared Mauch <jared@xxxxxxxxxxxxxxx> wrote:
> On Mon, Mar 01, 2021 at 05:18:10PM -0800, Michael Thomas wrote:
> > The combination of ASN.1 and X.509 has done irreparable harm to identity on
> > the internet. X.509 provides exactly one benefit: the ability to verify
> > offline that almost nobody cares about anymore. They have needlessly
> As someone who had to build my own fiber/internet access in
> a developed country, I believe the community often misses the mark in
> assuming everyone is as well connected as they are.
> I encourage you to review this assumption.
It is really rare that people try to use TLS without Internet connectivity. And the deployed base really isn't good at working in that mode.
Kohnfelder was originally writing for email messaging. But even then, how do you send a mail without some connectivity?
X.509 is really optimized around the totally offline case. And that is a bad choice for many applications. But it does work for some.