On Mon, 22 Dec 2003 10:21:18 -0500 Wayne Wilson <[EMAIL PROTECTED]> wrote:
> Kerberos is often dismissed as being too complex to implement, you can
> decide how much more complex pki must be.

An interesting, and yet very entertaining, reading on this is the X.509 Style Guide by Peter Gutmann.
http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt

I came across it when a German government funded study showed a very low level of interoperability among the various S/MIME implementations out there. Wondering why this can be, considering that the field is standardized, I found this at
http://stud3.tuwien.ac.at/~e0025974/uni/crypto.pdf

The German BSI (Bundesamt für Sicherheit in der Informationstechnik) makes interoperability tests every quarter. Although everything is standardized, it is quite difficult to find a working combination. In the last tests (results at http://www.bsi.de/) only 5 out of 12 products were able to communicate with the others. How could this happen although everything was standardized?

Anyone who has had to work with X.509 has probably experienced what can best be described as ISO water torture, which involves ploughing through all sorts of ISO, ANSI, ITU, and IETF standards, amendments, meeting notes, draft standards, committee drafts, working drafts, and other work-in-progress documents, some of which are best understood when held upside-down in front of a mirror. This has led to people trading hard-to-find object identifiers and ASN.1 definitions like baseball cards - "I'll swap you the OID for triple DES in exchange for the latest CRL extensions".
- Peter Gutmann in his "X.509 Style Guide"

-b

/-----------------------------------------------------------------
| Bud P. Bruegger, Ph.D.
| Sistema (www.sistema.it)
| Via U. Bassi, 54
| 58100 Grosseto, Italy
| +39-0564-411682 (voice and fax)
\-----------------------------------------------------------------
