"Kipp E.B. Hickman" says:
First of all, lets start with "not wanting to secure the transport layer". Right now email, passwords, etc. can be read off of the internet in the clear providing no measure of privacy at all. I believe the SSL protocol solves this problem.
First of all, Mr. Hickman, you might notice that I said that encryption is needed for privacy. However, transport layer security is far from sufficient for the web because it DOES NOT SECURE THE DOCUMENTS. The fact that you mention email and SSL in the same paragraph demonstrates an ignorance of this topic. Because email is store and forward transport layer encryption mechanisms are worthless -- they only say that no one could read the last hop and in no way do they secure the documents themselves. Thats why PEM was developed. There is now a merger of PEM and MIME that is soon going to be a proposed internet standard following the last IETF meeting. Indeed, Mr Hickman, had you and your friends at Netscape been paying attention instead of rolling your own, you might have noticed that IPSP prototypes are around TODAY and that transport layer mechanisms are going to become rapidly obsolete for securing the communications themselves. You can find a version of swIPe, which is not quite IPSP but is fairly similar (and which is being hacked on so that it will conform) on ftp.csua.berkeley.edu; its even modloadable on Suns. Thats available TODAY.
In some future land where IPNG or it's cousin's appear, then maybe SSL will be unnecessary.
Even were transport layer security needed, there are many other protocols for doing the exact same thing -- your solution is hardly new or interesting. Why not use an existing one instead of rolling Yet Another One? Of course, as I've repeatedly mentioned, network layer security is being used by many people today and will be standardised very soon -- probably before SSL.
Finally, the system is perfectly usable in a proxy environment.
Sheer ignorance. In your system I must trust each and every hop between myself and the document, and I must also trust all the servers. With public key signatures on the documents themselves, as Amanda Walker mentioned, you then need trust nothing at all in order to know that documents are authentic.
Secondly, SSL is not an end, but a beginning. Instead of waiting 10 more years before the standards process gets around to inventing some old technology and codifying it, we have put something out.
I'm afraid that your technology is the old one, and as for "putting something out", as I mentioned network layer solutions are available for ftp TODAY. In source form. Immediately. Oh, and by the way, they don't incorporate such useless abortions as 40 bit RC4 keys.
We have made the protocol public instead of propreitary
IPSP is also public. So what?
It is also tied directly to the RSA certification hierarchy.
I'll point out that X.509 is widely loathed in the internet community -- its X.509 that caused PEM to fall flat on its face and die.
Loathed for what reason? Because it's a standard?
We also loathe CLNP. Do you propose to do all your network layer communications over CLNP because it, too, is an ISO standard? ISO standards are universally loathed in the internet community -- and for good reasons. Lets take X.509 as one example. X.509 is tied into X.500 distinguished names. They are 1) Bulky 2) Do not map into DNS names 3) Cannot be mapped into the DNS. 4) Do not support the web of trust model. 5) Are difficult to build parsers for 6) Require bulky and often expensive X.500 directory systems to use effectively.
You are whining.
No, I am correct. You are ignorant of the community you are working with.
Well, TCP/IP is available for free, but thats a horse of a different color. I don't particularly like your security model, but I don't object that strenuously to your use of TIPEM qua TIPEM. I do strongly object to X.509, which is based on technologies entirely alien to the internet. How do I look up an X.509 certificate in the DNS? Now, given the Eastlake and Kaufman DNS security system, you can put keys in the DNS if you use DNS names, but X.509 uses abortive ISO distinguished names which are utterly unmappable into the DNS.
Now this is a good point. This is the kind of space that the internet is heading into. How does authentication work in the larger scheme? We at Netscape have tackled a small piece of the problem space. But the larger picture remains unsolved.
I'm afraid the larger picture has been solved -- you just haven't been the ones solving it and you haven't been paying attention to the other people doing work in this area.
Discussions about how to do this are welcome. Using DNS style technology sounds like a good place to start.
Perhaps if you guys had bothered to attend some of the security area meetings at an IETF or two and read up on existing art you would have already known about this topic.
In addtion, discussing how to solve the "DNS" problem would be profitable for all.
The solution is easy -- don't use X.509 certificates. Perry