[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Netscape the Big Win
Hal Finney writes:
>From: Adam Shostack <[email protected]>
>> Actually, it also supports Kerberos (not relevant to most of
>> us), and PGP messaging. Although a KCA would be needed before anything
>> useful came of the PGP support, at least its there.
>
>It appears that support for PGP messaging has been removed from the
>July 1995 SHTTP draft. So it's X.500 all the way.
><URL:http://info.internet.isi.edu/in-drafts/files/draft-ietf-wts-shttp-00.txt>
Well, X.509 for now. The Eastlake-Kaufman DNS Security work
(draft-ietf-dnssec-secext-04.txt) plus MOSS (draft-ietf-pem-mime-08.txt
--now proposed standard, awaiting an RFC number) promise to give us
a non-X.509 certification structure for the Internet. S-HTTP explicitly
looks to this work to free us from X.500.
Note that this only marginally improves the situation, however,
since what you really want is commercial-grade certification,
and you still can't issue RSA certificates, whatever the
format, without licensing from RSADSI. This promises to be
something of an issue in the future.
-Ekr