On 3/4/21 10:48 AM, Keith Moore wrote:
> On 3/4/21 12:14 PM, Michael Thomas wrote:
>> That's the thing: the only thing that X.509 is used for at any scale
>> is TLS and that is definitionally online. Everything else is niche in
>> comparison. If you need offline capability, fine, but almost nothing
>> does anymore if it's associated with the internet in any way.
>
> I don't think that's true at all. There are a vast number of
> networks that are mostly disconnected from the Internet (but probably
> do connect occasionally), but which still use Internet protocols and
> applications.
>
> It's silly to dismiss those as if they didn't exist or weren't
> important. They're quite often parts of critical infrastructure.

Online != Internet connected. If you're using TLS you are online
definitionally. You may be on a stub air-gapped network but you're still
using internet protocols to communicate. That stub network can have all
it needs to support its infrastructure. It's just as online as anything
else. X.509 comes from a time where you couldn't even make that
assumption. Applications that require that assumption are pretty far and
few between these days.
Mike