[EMAIL PROTECTED] (Peter Gutmann) writes:
> I actually suggested updating OCSP to provide true live status
> information (akin to the accepted/declined response in CC
> transactions) a few years ago, but this was violently rejected by
> PKIX members because that's Not How X.509 Works. One list member in
> particular became almost hysterical over the suggestion, going so
> far as to privately petition the WG chair to have the proposal
> killed (it's public record on the PKIX mailing list, although some
> of the more extreme hysterics occurred in private mail).

which then is essentially the FSTC/FAST http://www.fstc.org/ from the mid-90s .... but it makes having the digital certificate redundant and superfluous (aka you don't need to have a digital certificate to do a real live transaction) ... which i have repeatedly commented to the PKIX and OCSP factions (and may have been part of the reason for their violent reaction to your suggestion).

in '98 i was on a "PKI" panel at nissc conference with four other people ... three representing the major CAs and one other person. the people representing three major CAs (CTO typically) talked about how hard everybody has heard that PKIs were ... and they were here to tell you that it is much, much simpler than you have heard. I then talked about the majority of the business processes in the world can be upgraded to digital signature authentication w/o requiring digital certificates. the fifth person that talked about being responsible for the largest and longest deployed PKI operation ... and people may have heard about how hard PKIs were, and they were here to tell you that they are actually much, much harder than anything you have heard.

--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/

_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
