On 09/30/13 04:41, ianG wrote:
Experience suggests that asking a standards committee to do the encoding format
is a disaster.
I just looked at my code, which does something we call Wire, and it's 700 loc.
Testing code is about a kloc I suppose. Writing reference implementations is a
piece of cake.
Why can't we just designate some big player to do it, and follow suit? Why
argue in committee?
early 90s annual ACM SIGMODS (DBMS) conference in San Jose ... general meeting
in (full) ballroom ... somebody in the audience asks panel on the stage what is
all this x.5xx stuff about ... and one of the panelists replies that it is a
bunch of networking engineers trying to re-invent 1960s DBMS technology.
CA industry is pitching $20B/annum business case on wallstreet ... where the
financial industry pays CAs $100/annum for every account for a
relying-party-only digital certificate ... where the financial industry
providing all the information that goes into the certificate (CA industry just
reformats all the information and digitally signs it). In one case of
institution with 14M accounts, the board asks what is this $1.4B/annum thing
about?
I repeatedly point out that it is redundant and superfluous since the
institution already has all the information. Purpose of the certificate is to
append to every financial transaction. I also point out that digital
certificate payload is enormous bloat, 100 times larger than the transaction
size its attached to (besides redundant and superfluous)
CA industry then sponsors x9.63 work in X9 financial standards industry for
"compressed certificate" format ... possibly getting the payload bloat down to
10 times (instead of hundred times). Part of the compressed certificate work was to
eliminate fields that the relying party already had. Since I had already shown that the
relying party (institution) already had all fields, it was possible to compress every
certificate to zero bytes ... so rather than doing digitally signed transactions w/o
certificates ... it was possible to do digitally signed transactions with mandated
appended zero-byte certificates.
Trivia: last few years before he passed, Postel would let me do part of STD1.
There was a joke that while IETF required at least two interoperable
implementations before standards progression, ISO didn't even require that a
standard be implementable.
--
virtualization experience starting Jan1968, online at home since Mar1970
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
