I've been wondering about the feasibility of using SPKI certs. I quite like some of the features (delegation) and relative ease of implementation (compared to X.509 certs)...of course, readability of certs could go a long way to helping end-users evaluate for themselves the trustworthiness of the cert. While pgp certs could probably be a good alternative (given the existing user base and infrastructure)....even though lacking in the ability to delegate. However, I'm a little wary since at the moment there seem to be just a few sources of info or proponents (even though their arguments seem convincing to me) when it comes to SPKI. I am also not aware of any products or PKIs that use SPKI certs. I would really appreciate if someone could refer me to instances of actual usage of SPKI certs.
Jay Listo <jay.listo@gmail.com> writes:
I am also not aware of any products or PKIs that use SPKI certs. I would really appreciate if someone could refer me to instances of actual usage of SPKI certs.
They were never really used. The great feature of SPKI is that it's not X.509 (so it's a design fit for a purpose rather than being digital ancestor- worship of failed OSI standards from the 1980s). The great failing of SPKI is that it's not X.509 (it's impossible to get any cert mechanism accepted unless it's called X.509). Peter.
Thank you for such a frank response, Peter...I read someone's archived post that you should be a "protected world resource" (?). I realise I could have emailed you directly about this a while back, but I really wanted to get the opinion of other people unrelated to SPKI development/advocacy. It took me a few months to find out how to get on this list (a bit of a convoluted process for me to finally figure out), since I thought this would be the best forum of informed people to get a valid response. Seems like yours would be the definitive response...but I am kind of hoping for others' opinions as well. It's a pity if SPKI is not used just because it's not X.509. Peter Gutmann wrote:
Jay Listo <jay.listo@gmail.com> writes:
I am also not aware of any products or PKIs that use SPKI certs. I would really appreciate if someone could refer me to instances of actual usage of SPKI certs.
They were never really used. The great feature of SPKI is that it's not X.509 (so it's a design fit for a purpose rather than being digital ancestor- worship of failed OSI standards from the 1980s). The great failing of SPKI is that it's not X.509 (it's impossible to get any cert mechanism accepted unless it's called X.509).
Peter.
participants (2)
-
Jay Listo -
pgut001@cs.auckland.ac.nz