On 09/30/13 04:41, ianG wrote:
> Experience suggests that asking a standards committee to do the encoding format
> is a disaster.
>
> I just looked at my code, which does something we call Wire, and it's 700 loc.
> Testing code is about a kloc I suppose.  Writing reference implementations is a
> piece of cake.
>
> Why can't we just designate some big player to do it, and follow suit? Why
> argue in committee?

early 90s annual ACM SIGMOD (DBMS) conference in San Jose ... general meeting 
in (full) ballroom ... somebody in the audience asks panel on the stage what is 
all this x.5xx stuff about ... and one of the panelists replies that it is a 
bunch of networking engineers trying to re-invent 1960s DBMS technology.

CA industry is pitching $20B/annum business case on Wall Street ... where the 
financial industry pays CAs $100/annum for every account for a 
relying-party-only digital certificate ... where the financial industry is 
providing all the information that goes into the certificate (CA industry just 
reformats all the information and digitally signs it). In one case of an 
institution with 14M accounts, the board asks what is this $1.4B/annum thing 

I repeatedly point out that it is redundant and superfluous since the 
institution already has all the information. Purpose of the certificate is to 
append to every financial transaction. I also point out that digital 
certificate payload is enormous bloat, 100 times larger than the transaction 
size it's attached to (besides redundant and superfluous).

CA industry then sponsors x9.63 work in X9 financial standards industry for 
"compressed certificate" format ... possibly getting the payload bloat down to 
10 times (instead of hundred times). Part of the compressed certificate work was to 
eliminate fields that the relying party already had. Since I had already shown that the 
relying party (institution) already had all fields, it was possible to compress every 
certificate to zero bytes ... so rather than doing digitally signed transactions w/o 
certificates ... it was possible to do digitally signed transactions with mandated 
appended zero-byte certificates.

Trivia: last few years before he passed, Postel would let me do part of STD1. 
There was a joke that while IETF required at least two interoperable 
implementations before standards progression, ISO didn't even require that a 
standard be implementable.

virtualization experience starting Jan1968, online at home since Mar1970
The cryptography mailing list
