OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

 


 

   Re: XML Certificates

[ Lists Home | Date Index | Thread Index ]
  • From: David Brownell <david-b@pacbell.net>
  • To: "Steven Livingstone, ITS, SENM" <steven.livingstone@scotent.co.uk>
  • Date: Fri, 21 Jan 2000 11:29:52 -0800

"Steven Livingstone, ITS, SENM" wrote:
> 
> Anybody doing much work with XML Certificates for security??

I'd certainly hope not!

There are roughly two standards that matter today:

	- X.509, as issued by Verisign (99% worldwide monopoly
	  in the non-corporate space, if the Thawte acquisition
	  goes through).  Binary, baroque syntax, overfeatured.

	- OpenPGP, which doesn't have a "BigBrother" hook (anyone
	  can cut a cert, you don't punt the "do I trust XXX"
	  issue by trusting some Big Brother).  Both ASCII and
	  binary formats exist; simpler.

Public Key Infrastructure is a big enough problem that IMHO it's
really not worth tweaking low level standards.  The problems that
need solving are at the level of global infrastructure deployment,
trustability, and (especially) usability.  XML can't help there.

For OpenPGP info/source/... I'd suggest http://www.gnupg.org for
info.  It interoperates with PGP 5.x and later.

What's lacking is commercial support for OpenPGP; licensing deals
with Verisign have ensured that X.509 availability skyrocketed
despite its problems.  Browsers have X.509 for SSL support (and
S/MIME), few as yet (even Mozilla) support OpenPGP.

- Dave

xml-dev: A list for W3C XML Developers. To post, mailto:xml-dev@ic.ac.uk
Archived as: http://www.lists.ic.ac.uk/hypermail/xml-dev/ or CD-ROM/ISBN 981-02-3594-1
Unsubscribe by posting to majordom@ic.ac.uk the message
unsubscribe xml-dev  (or)
unsubscribe xml-dev your-subscribed-email@your-subscribed-address

Please note: New list subscriptions now closed in preparation for transfer to OASIS.



  • References:
    • XML Certificates
      • From: "Steven Livingstone, ITS, SENM" <steven.livingstone@scotent.co.uk>



 

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS