[
Lists Home |
Date Index |
Thread Index
]
- From: David Brownell <david-b@pacbell.net>
- To: "Steven Livingstone, ITS, SENM" <steven.livingstone@scotent.co.uk>
- Date: Fri, 21 Jan 2000 11:29:52 -0800
"Steven Livingstone, ITS, SENM" wrote:
>
> Anybody doing much work with XML Certificates for security??
I'd certainly hope not!
There are roughly two standards that matter today:
- X.509, as issued by Verisign (99% worldwide monopoly
in the non-corporate space, if the Thawte acquisition
goes through). Binary, baroque syntax, overfeatured.
- OpenPGP, which doesn't have a "BigBrother" hook (anyone
can cut a cert, you don't punt the "do I trust XXX"
issue by trusting some Big Brother). Both ASCII and
binary formats exist; simpler.
Public Key Infrastructure is a big enough problem that IMHO it's
really not worth tweaking low level standards. The problems that
need solving are at the level of global infrastructure deployment,
trustability, and (especially) usability. XML can't help there.
For OpenPGP info/source/... I'd suggest http://www.gnupg.org for
info. It interoperates with PGP 5.x and later.
What's lacking is commercial support for OpenPGP; licensing deals
with Verisign have ensured that X.509 availability skyrocketed
despite its problems. Browsers have X.509 for SSL support (and
S/MIME), few as yet (even Mozilla) support OpenPGP.
- Dave
xml-dev: A list for W3C XML Developers. To post, mailto:xml-dev@ic.ac.uk
Archived as: http://www.lists.ic.ac.uk/hypermail/xml-dev/ or CD-ROM/ISBN 981-02-3594-1
Unsubscribe by posting to majordom@ic.ac.uk the message
unsubscribe xml-dev (or)
unsubscribe xml-dev your-subscribed-email@your-subscribed-address
Please note: New list subscriptions now closed in preparation for transfer to OASIS.
- References:
- XML Certificates
- From: "Steven Livingstone, ITS, SENM" <steven.livingstone@scotent.co.uk>
|
