Re: Historical PKI resources

2001-01-12 Thread Rodney Thayer 


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

(If you ask me, veering off into unsolicited advertisements for
unrelated ANSI standards isn't actually on-topic, but there are
other posts so I'll assume Perry will let this through...
I'm making historical comments so this is grist for the original
query.)

At 08:39 PM 1/8/01 -0500, Rich Salz wrote:
>The adoption by X.509 for use as authentication in X.500 got us common
>technology, and is probably the only reason anyone will ever have to
>learn
>ASN.1 and DER. :)

Some of us learned ASN.1 and DER because of The Great ISO Scare of
the 80's.  That gave us a disfunctional protocol stack, which included
disfunctional file transfer (FTAM), virtual terminal (VT), and email (X.400).

Other than the pollution of the Microsoft email gene pool (Exchange has
X.400 code in it's belly, something about ancestors frome one's past one
should be ashamed of...) there was little real X.400 usage, but that and
a small amount of FTAM were the only 'real' reasons some of us learned ASN.1.
It was appalling to see that SNMP, and later PKIX, decided to adopt this bad
idea from the past.  X.500 was the directory scheme for X.400, as was DAP,
so seing it recast itself as LDAP wasn't to nice either.


>The old IETF PEM project gave us "---BEGIN" lines :) and showed
>empirically
>that global X.500 deployment is a non-starter.


Or, it showed that you can have disfunctional standards activities inside
the IETF.  Both are probably true.  PEM also gave us BASE 64.  So there's
TWO things it did reasonably.


>   RSA's version, which
>became
>the IETF's S/MIME showed how to do it practically.

Practically?  You're joking, right?


-BEGIN PGP SIGNATURE-
Version: PGP 7.0

iQA/AwUBOl9JFj/0TyQ4fTjtEQLMFQCeJ8QEtEDVJV8hSsPuJu9k1IX1iT4AoKA0
nVA+b/Gn+LJM87vh05yVm/74
=rNUs
-END PGP SIGNATURE-

Re: Historical PKI resources

2001-01-10 Thread James H. Cloos Jr. 

> "r$" == Rich Salz <[EMAIL PROTECTED]> writes:

r$> R sent me a nice note pointing out that it was actually a
r$> bachelor's thesis, supervised by A.  Apparently unpublished.

Online at theses.mit.edu.  cf:

http://theses.mit.edu/Dienst/UI/2.0/Composite/0018.mit.theses/1978-29/1

They also have a link to order paper, fiche and possibly pdf copies.

(Can't wait untill all schools have all their theses up at least as well.)

-JimC
-- 
James H. Cloos, Jr.   1024D/ED7DAEA6 
<[EMAIL PROTECTED]>  E9E9 F828 61A4 6EA9 0F2B  63E7 997A 9F17 ED7D AEA6

Re: Historical PKI resources

2001-01-09 Thread Lynn . Wheeler 



the x9.59 standard is authentication as well as certificate neurtral.

aads is pki no certificate ... i.e. it has a public key infrastructure with
respect to public key management ... it just that its public key management
attempts to take advantage of extensive existing "binding" business processes
rather than inventing new ones. Now it may not be PKI, for  PKI==X.509, but it
is not "no infrastructure" (although they have been some claims that no "new"
infrastructure is equated to "no infrastructure", aka existing password, PIN,
mother-maiden-name, SSN, etc infrastructures don't actually exist).





Rich Salz <[EMAIL PROTECTED]> on 01/09/2001 04:20:44 PM

To:   Lynn Wheeler/CA/FDMS/FDC@FDC
cc:   [EMAIL PROTECTED]
Subject:  Re: Historical PKI resources



Well gee, thanks I guess, but since your baby is explicitly PK no I,
it's
pretty irrelevant, no?

(Anyone else reminded of the old turk/armenian 'bot on Usenet? :)
 /r$

Re: Historical PKI resources

2001-01-09 Thread Rich Salz 

R sent me a nice note pointing out that it was actually a bachelor's
thesis, supervised by A.  Apparently unpublished.
/r$ (not S, and certainly not *that* S :)

> @unpublished{Kohnfelder78,
> author =   {Kohnfelder, Loren M.},
> title ={Towards a Practical Public-Key Cryptosystem},
> year = 1978,
> month =May,
> note = {B.S. Thesis, supervised by L. Adleman}
> }

Re: Historical PKI resources

2001-01-09 Thread Lynn . Wheeler 




as an aside  ... note X9.59 which can be implemented with public/private key
digital signature ... but doesn't dictate certificates (it is possible to
implement with or without certificates; x.509 or not). W/o certificates, do
public key management using existing business processes in place for passwords
and PINs ... i.e. in conjunction with the database/file that is also referenced
for authorization (either logging-on or financial transactions).

random refs:

http://www.garlic.com/~lynn/

 from x9a10 mailing list

The X9.59 DSTU period starts Feb. 1, 2001 and runs through Jan. 31, 2003

The X9.59 DSTU standards document should appear in the next standards
publication catalogue:

DSTU X9.59-2001, Electronic Commerce For the Financial Services Industry:
Account-Based Secure Payment Objects

X9.59 defines a secure payment object for use in authenticated financial
transactions. It relies on existing X9F security standards for payment object
authentication. It supports secure payments involving virtual (e.g. Internet) or
face-to-face transactions. It applies to card-based (e.g. smart card) financial
transactions as well as other forms of electronic financial transactions (e.g.
e-check).







Rich Salz <[EMAIL PROTECTED]> on 01/08/2001 05:39:22 PM

To:   [EMAIL PROTECTED]
cc:(bcc: Lynn Wheeler/CA/FDMS/FDC)
Subject:  Re: Historical PKI resources



> Here's the BibTeX entry for the paper that apparently "started it all"..

The D-H paper is the public start of public-key crypto.  The scientific
American article by Gardner explained, pre-patent-issuance, RSA to the
world. The start of PKI is an MIT Master's Thesis that created
certificates.

Sorry, no references to any of the above.  Should not be hard to find.

The adoption by X.509 for use as authentication in X.500 got us common
technology, and is probably the only reason anyone will ever have to
learn
ASN.1 and DER. :)

The old IETF PEM project gave us "---BEGIN" lines :) and showed
empirically
that global X.500 deployment is a non-starter.  RSA's version, which
became
the IETF's S/MIME showed how to do it practically.

I'll stop now before I get too cynical. :)
 /r$

Re: Historical PKI resources

2001-01-09 Thread Rich Salz 

> Here's the BibTeX entry for the paper that apparently "started it all"..

The D-H paper is the public start of public-key crypto.  The scientific
American article by Gardner explained, pre-patent-issuance, RSA to the
world. The start of PKI is an MIT Master's Thesis that created
certificates.

Sorry, no references to any of the above.  Should not be hard to find.

The adoption by X.509 for use as authentication in X.500 got us common
technology, and is probably the only reason anyone will ever have to
learn
ASN.1 and DER. :)

The old IETF PEM project gave us "---BEGIN" lines :) and showed
empirically
that global X.500 deployment is a non-starter.  RSA's version, which
became
the IETF's S/MIME showed how to do it practically.

I'll stop now before I get too cynical. :)
/r$

Re: Historical PKI resources

2001-01-08 Thread Jeff . Hodges 

[EMAIL PROTECTED] said:
>  I have found significant information about PKI as it exists today,
> but am looking for some background information.  I'm looking for
> information about the history of PKI, how and where it started, how it
> developed, etc.

good question. I don't have an answer offhand but know one place to start 
searching.

Here's the BibTeX entry for the paper that apparently "started it all"..

@misc{ diffie76new,
author = "W. Diffie and M. Hellman",
title = "New Directions in Cryptography",
text = "W. Diffie and M. E. Hellman, 
  New Directions in Cryptography, IEEE Trans.
  Info. Theory IT-22, Nov. 1976, pp. 644-654",
year = "1976"
}

If I was doing the brute-force approach, I'd use http://citeseer.nj.nec.com/ 
(aka www.researchindex.com) to chase down other papers referencing this one 
from the late 1970's and early-to-mid 1980's.

Alternatively, other's on this list may know of other available resources 
where someone's already done this work.

regards, 

JeffH