[639] in WWW Security List Archive
Re- Hierarchies and Webs of [trust]
daemon@ATHENA.MIT.EDU (rdenny@netcom.com)
Wed Apr 26 19:28:56 1995
From: rdenny@netcom.com
Date: Wed, 26 Apr 95 10:55:31 PDT
To: Rich Salz <rsalz@osf.org>, John Linn <linn@cam.ov.com>
Cc: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
I have followed this thread, and I basically agree that a generalization
of the trust model is a "good thing". My reasons are a bit different.

I am the author of WebSite, a "low cost" Web server package for WinNT
and Win95. The current pricing for a classical/"real" cert is in the
hundreds of dollars. This just can't be translated to the "little guy"
world. I have been told by a guy at Terisa that the CA business is a
guaranteed money loser. Take these two things and you have a prescription
for elitism and/or failure of the classic hierarchical trust model.

It seems like a PGP-like trust model should be integrated into the
cryptosystems we are deploying. It can't hurt, and it could avoid a
painful adjustment down the road.

On another front, it seems to me that the X.500-like scheme for
distinguished names (DNs) is also a long term loser. Look at the
keywords and their use, it's already a distortion of the original
meanings.

The fixed-semantics, key/value naming scheme that was designed
into X.400 and X.500 is one of the chief reasons for the failure of
X.400. A comparison of the Internet Domain Naming System with the
X.500 scheme should give you the idea. Compare an internet email
address with an X.400 email address, for example.

The Internet Domain Naming System would do just fine for a web-of-trust
model. The system does produce distinguished names.

Can't we just rid ourselves of X.500 naming and just stick to the tried
and true domain naming system like we have for everything else on the
net?

-- Bob
Robert B. Denny PGP key via finger rdenny@netcom.com or most keyservers
+1 818 792 5656 Fprnt: C7 41 F1 81 A0 C3 3D 42 5D 9A 58 5F D2 E2 B4 FB