[Ick, resending to list due to From: snafu] On Tue, Feb 18, 2014 at 11:47 PM, Peter Todd <p...@petertodd.org> wrote: > What specifically do you dislike about X.509? The technical standard or > the infrastructure around it? (IE the centralized authorities)
I'm not the one who was complaining, but what I dislike is that a certificate can have only one issuer. Cross-signing doesn't address my dislike: it's different enough from being a certificate's single issuer that it leaves too much power in the CAs' hands, IMHO. It isn't so much the centralization per se that I object to, but the way that the technical standard encourages concentration in the infrastructure. See http://lair.fifthhorseman.net/~dkg/tls-centralization/#Why_does_the_architecture_encourage_concentration%3F I've been (slowly) working on a patch to allow pki_data to contain more than just the single certificate chain that the single-issuer-only format insists on, but I'm making as many steps back as forward, being unsure of the right way to do it. Implementing an OpenPGP-based pki_type would probably be better, but hacking x509+* seems like a lower-hanging fruit. ------------------------------------------------------------------------------ Managing the Performance of Cloud-Based Applications Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. Read the Whitepaper. http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk _______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
