Re: [Botan-devel] OT: SPKI
From: Jack L. <ll...@ac...> - 2003-06-25 17:44:42
On 24 Jun 2003, Sean Radford wrote:
> Hi,
>
> Just wondering, have people on this list come across Simple Public Key
> Infrastructure, and if so what are their thoughts?

I've looked at some docs (mostly the RFCs) a few months ago. It seems nice. Almost certainly easier/saner to implement than X.509 (but what isn't?). The sexps I'm not a huge fan of, it seems like they'd be a bit tricky to process (at least in C/C++/Java - in Perl/Lisp/ML they'd probably be a piece of cake).

SPKI seems to have a rather different idea about certificates than X.509 (or even PGP). I get the impression reading RFC 2692 that the main uses SPKI was being considered for are offline uses (that is, direct interaction between, say, a smartcard and a reader), rather than over the network. The main problem is lack of deployment, in particular since such non-networked uses are more suited for SPKI (ie, you have to get hardware vendor support). I have heard some rumblings that SSH and SSL are being modified to support SPKI, though I haven't seen anything about it lately on the IETF SSH or TLS lists.

So, in summary, my opinion is that SPKI is much better suited to short-term uses and offline uses (which are often related) than X.509. I have a feeling this is largely X.509's own fault, though (you can do anything with X.509 that you can do with SPKI, the problem being that if you do it in X.509 it's not going to be portable and it will be awful to implement).

How's your implementation work coming (if at all)?

-J