On 3/4/21 6:57 AM, Phillip Hallam-Baker
wrote:
On Thu, Mar 4, 2021 at 4:35 AM Jared Mauch <jared@xxxxxxxxxxxxxxx> wrote:
On Mon, Mar 01, 2021 at 05:18:10PM -0800, Michael Thomas wrote:
> The combination of ASN.1 and X.509 has done irreparable harm to identity on
> the internet. X.509 provides exactly one benefit: the ability to verify
> offline that almost nobody cares about anymore. They have needlessly
As someone who had to build my own fiber/internet access in
a developed country, I believe the community often misses the mark in
assuming everyone is as well connected as they are.
I encourage you to review this assumption.
It is really rare that people try to use TLS without Internet connectivity. And the deployed base really isn't good at working in that mode.
Kohnfelder was originally writing for email messaging. But even then, how do you send a mail without some connectivity?
X.509 is really optimized around the totally offline case. And that is a bad choice for many applications. But it does work for some.
That's the thing: the only thing that X.509 is used for at any scale is TLS and that is definitionally online. Everything else is niche in comparison. If you need offline capability, fine, but almost nothing does anymore if it's associated with the internet in any way.
Mike
