> From: [EMAIL PROTECTED] On Behalf Of Kyle Hamilton
> Sent: Thursday, 10 April, 2008 07:39

> David Schwartz wrote:
> >  And with respect to the other thread, I agree with you. The
> > level of security should be the highest that doesn't require
> > sacrificing things that are more important than security.
> > Sometimes all you need is to keep out your kid sister, <snip>
> 
> X.509 was written to support SET (Secure Electronic Transactions), and
> standardize the things that SET needed.  X.509 wasn't appropriate to
> the Internet, and that's why the "Internet Profile" (PKIX) was issued.
> 
Huh? SET used X.509, as did PEM, PKCS/SMIME and SSL et seq, but it was
written for X.500 and X.400 and potentially other ISORMs back in the 1980s.

SET actually "needed" (at least chose) to add a (small) extension -- 
using the generic framework for extensions that X.509v3 did standardize, 
and that many others have also used.

Even if you mean that SET was (reasonably) well suited to X.509's intended 
trust model, that occurred indirectly, because they both independently 
tried to model real-world business relationships, and unsurprisingly 
came up with similar results ...

> Unfortunately, the people who wrote the PKIX were people trying to
> make the protocol have the things that the financial
> services/fiduciary communities needed.  Many of the things in there
> just do not apply to the things that general users of the Internet use
> the Internet for.
> 
... which (business trust model) as you point out isn't the same as 
sometimes desirable for cyberspace activities.

<snip rest>


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
