On Thu, 31 Mar 2011 10:59, [email protected] said: > Maybe it is an idea to implement further restrictions: > a) only trust specific subca > b) only give a range of TOP level domains to a root or subca
Yet another X.509 fix. They are trying this for 20 years or so. All what X.509 does these days is to put something(!) different into the never existing X.500 structure. The idea of X.500 was to have a global directory to list all entities which will have a need to be listed. >From a pure technical point this could have worked. However the important part has been left out: For a technical imposed structure we need to have a human controlled organizational structure to set it up. Now human interactions are by some orders more complex than various ASN.1 encodings. How could that ever have worked. The WoT (Web of Trust) idea got it right: It started by looking how humans organize them self and applied a technical structure to support this. This is a better approach. I still don't believe that it will scale to something like the web we have today. The prerequisites changed since the BBS time and thus the WoT won't work in today's highly interlinked web space. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. _______________________________________________ Discussion mailing list [email protected] https://mail.fsfeurope.org/mailman/listinfo/discussion
