Re: What ASN.1 got right

On 3/4/21 11:24 AM, Keith Moore wrote:
> On 3/4/21 2:17 PM, Michael Thomas wrote:
>
>> My point here isn't to defend how TLS works, it's to say that almost nothing requires the truly offline verification aspect that x.509 brings to the table.
>
> Emphatically disagree. There are lots of situations requiring "truly offline" certificate verification.

What? Seriously what? A Mars rover, maybe? And if they truly need offline verification, fine, use X.509. For all the rest it is just so much more unneeded baggage and confusion.

>> I can (and have) built an asymmetric key login mechanism that just puts naked public keys into a user table of a database, for example. The x.509-first view of the asymmetric keys world has confused a lot of thinking and had I introduced it to that mechanism it would have been worlds more complex and much harder to understand. Designers should, dare I say it, be looking at the actual requirements of the system before settling on a particular solution.
>
> Perhaps you should take your own advice.

I did take my own advice. The result was DKIM. So did the SSH folks, which works just fine on a disconnected network.

Mike



