[637] in WWW Security List Archive
Re: Re- Hierarchies and Webs of
daemon@ATHENA.MIT.EDU (John Linn)
Wed Apr 26 12:40:41 1995
To: Rich Salz <rsalz@osf.org>
cc: owner-www-security@ns2.rutgers.edu, www-security@ns2.rutgers.edu,
linn@cam.ov.com
In-reply-to: Your message of "Wed, 26 Apr 1995 00:07:06 EDT."
<9504260407.AA21152@sulphur.osf.org>
Date: Wed, 26 Apr 1995 08:19:30 -0400
From: John Linn <linn@cam.ov.com>
Errors-To: owner-www-security@ns2.rutgers.edu
Clarification:
>>The "hierarchical approach" you are referring to is that used by PEM, based on
>>X.509. This builds on a lot of structure to constrain what you refer to as
>>"transitivity".
>
>Yes, classic PEM depended on Internet-wide X.500 deployment.
Not quite. Classic PEM's dependency is on X.500 name representations
in X.509 certificates; there is, however, no dependency on use of
an X.500 directory to store those certificates. As with any
certificate-based approach, availability of a directory or other
queriable certificate repository is highly desirable, but it was
an important feature of the PEM design to enable "in-band" transfer
of certificate chains along with messages, thus allowing a
best-effort level of operation without a globally-accessible
certificate repository.
--jl
