I suspect our current X.509 PKI was invented at Xerox … likely PARC. The first X.509 draft was a Xerox contribution in about 1984. I have it somewhere in my garage…
Paul On Apr 29, 2014, at 1:45 PM, Greg <g...@kinostudios.com> wrote: > On Apr 29, 2014, at 1:18 PM, ianG <i...@iang.org> wrote: > >> Yes, 1994, when Netscape invented SSL v1. Which had no MITM support, >> which was then considered to be a life and death issue by RSADSI ... >> which just happened to have invested big in a think called x.509. And >> the rest is history. >> >> Some commentary here, which is opinion not evidence. >> >> http://financialcryptography.com/mt/archives/000609.html > > Fascinating. I especially liked the timelines there, thanks for the link! > > I'm now slowly coming to the conclusion that my search for a specific > "birthdate" of modern PKI might be in vain. > > The way I phrased it in an email to Peter was: > > Do you happen to know of the date of the following event: when did the first > publicly available web browser successfully connect over HTTPS to the a > publicly available HTTPS website, and have the website's certificate > validated by a CA in the same manner as it is done today? > > ..if that's not available, then simply the date of the release of the first > implementation of HTTPS? > > > There's also this little timeline graphic from the link: > > <gp8.png> > > Then there's the wiki: > https://en.wikipedia.org/wiki/Transport_Layer_Security#History_and_development > > Which says: > > The SSL protocol was originally developed by Netscape.[10] Version 1.0 was > never publicly released; version 2.0 was released in February 1995 but > "contained a number of security flaws which ultimately led to the design of > SSL version 3.0."[11] SSL version 3.0, released in 1996, was a complete > redesign of the protocol produced by Paul Kocher working with Netscape > engineers Phil Karlton and Alan Freier. Newer versions of SSL/TLS are based > on SSL 3.0. The 1996 draft of SSL 3.0 was published by IETF as a historical > document in RFC 6101. > > > And there's the x509 wiki: > https://en.wikipedia.org/wiki/X.509#Public-Key_Infrastructure_.28X.509.29_Working_Group > > The The Public-Key Infrastructure (X.509) working group (PKIX) was a working > group of the Internet Engineering Task Force dedicated to creating RFCs and > other standard documentation on issues related to public key infrastructure > based on X.509 certificates. PKIX was established in Autumn 1995 in > conjunction with the National Institute of Standards and Technology.[17] > > > > So... it sounds like Netscape either had a publicly available implementation > of "modern PKI" before, or at about the same time as the standards were being > published. > > In that case, while there doesn't appear to be a precise date, the birth year > at least seems to be 1995. This monstrosity was born sometime late 1995. > > Is that about right? Or would I be mistaken to call that the birth year? > > Thanks much for the history lesson and fascinating references! > > - Greg > > -- > Please do not email me anything that you are not comfortable also sharing > with the NSA. > _______________________________________________ > cryptography mailing list > cryptography@randombit.net > http://lists.randombit.net/mailman/listinfo/cryptography
_______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography