Eric Murray <ericm@lne.com> writes:

Too often people see something like Peter's statement above and say "oh, it's that nasty ASN.1 in X.509 that is the problem, so we'll just do it in XML instead and then it'll work fine" which is simply not true. The formatting of the certificates is such a minor issue that it is lost in the noise of the real problems. And Peter publishes a fine tool for printing ASN.1, so the "human readable" argument is moot.

Note that there isn't a real running global PKI using SPKI or PGP either.

A debate topic I've thought of occasionally in the last year or two: If digital signatures had never been invented, would we now be happily using passwords, SecurIDs, challenge-response tokens, etc etc to do whatever we need rather than having spent the last 20-odd years fruitlessly chasing the PKI dream? There was some interesting work being done on non-PKI solutions to problems in the 1970s before it all got drowned out by PKI, but most of it seems to have stagnated since then outside a few niche areas like wholesale banking, where it seems to work reasonably well. (Hmm, now *that* would make an interesting panel session for the next RSA conference). Peter.