Phill,

On 09/24/2013 05:25 PM, Phillip Hallam-Baker wrote:
> Looking at the extreme breach of trust by US govt re PRISM, I think it is
> time to do something we should have done decades ago but were stopped at US
> Govt request.
>
> Let's kill all support for X.400 mail.
>
> This is still in use, I know. But looking through the PKIX spec the schema
> is ten pages long. I count seven pages of garbage that we could kill if we
> abandoned support for X.400, garbage character sets no longer needed, bogus
> time formats, etc. etc.
>
> Certificates do not need to be as complicated as X.509v3 made them. To work
> with certificates issued for the Internet, an application needs to support
> only 20% of the PKIX schema at most.

Sure, if we went back to the late 1990's that'd have been worth doing.

And sure, if we re-invent rfc 5280 public key certs we can not include some stuff. Not that I see much benefit in re-inventing 5280 PKCs as a thing to do in and of itself. (And of course DANE includes hardly any ASN.1 nonsense if you pick the right options so we already have an option without that baggage.)

But I see no benefit in messing around with rfc 5280 at this stage for fun. (I said the same to the ITU-T person who seems to want to do that with their x.509 spec the other day when the topic came up on wpkops.)

So -1 to that kind of change unless there's a much better reason.

S.