To:
Steve Hanna <steve.hanna@sun.com>
Cc:
Paul Hoffman / IMC <phoffman@imc.org>, keydist@cafax.se
From:
Derek Atkins <warlord@MIT.EDU>
Date:
04 Jan 2002 15:23:01 -0500
Delivery-Date:
Fri Jan 4 21:23:12 2002
In-Reply-To:
Steve Hanna's message of "Fri, 04 Jan 2002 15:15:18 -0500"
Sender:
owner-keydist@cafax.se
Subject:
Re: From whence we came...
Steve Hanna <steve.hanna@sun.com> writes:
> There are benefits to using certs instead of just keys. One is
> the more flexible trust model.
Sure, and there are benefits to using keys instead of certs.. And
there are benefits to using PGP instead of X.509.. and the list goes
on. This isn't the forum for that discussion.
> I guess you're saying that this list should drop discussion of
> certs because some applications are happy using keys.
No, I'm saying we should drop the discussion of whether we should
choose between certs and keys (which includes the discussion of
the merits of keys vs. certs).
> Which
> applications are you talking about?
Currently, I can point to SSH and Linux FreeS/WAN (an IPsec
implementation) that do not support certificates and appear to be very
happy not supporting certificates. Similarly, the IPsec Opportunistic
Encryption proposal requires a single, global insfrastructure for
keying information that is tied to IP Addresses.
> And how do you know that
> they don't want to consider using certs?
And how do you know that they DO want to consider using certs. I base
my stance on the fact that if they wanted to implement using
certificates they would have done so from the get-go. The fact that
they chose not to use certificates implies (to me) some engineering
decision to that affect. Who am I (and who are you) to second-guess
their intentions?
> -Steve
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available