[634] in WWW Security List Archive
Re: Re- Hierarchies and Webs of
daemon@ATHENA.MIT.EDU (Rich Salz)
Wed Apr 26 04:51:19 1995
From: Rich Salz <rsalz@osf.org>
Date: Wed, 26 Apr 95 00:07:06 -0400
To: owner-www-security@ns2.rutgers.edu, www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
>The "hierarchical approach" you are referring to is that used by PEM, based on
>X.509. This builds on a lot of structure to constrain what you refer to as
>"transitivity".
Yes, classic PEM depended on Internet-wide X.500 deployment. And as
a result it is for all intents and purposes dead. The only "life" being
shown in the mailing list is for MOSS, which is a Mime use of PEM headers
and algorithms to implement PGP-style trust model.
As for other comments (nedbob?): yes, if every CA cross-certifies then
you've got a web, but there is no requirement. Just becuase the two *can*
be isomorphs doesn't mean they will be.
/r$
