Re: [keyassure] publishing the public key

[Phillip Hallam-Baker <hallam@gmail.com>]

On Sun, Feb 20, 2011 at 2:57 PM, Paul Wouters <paul@xelerance.com> wrote:

> On Sat, 19 Feb 2011, Phillip Hallam-Baker wrote:
>
>  The problem with this approach is that it means that we are going to at
>> best be exercising new code paths in existing
>> code. At worst we are going to force people to write new code.
>>
>> It is impossible to run TLS without X.509 code in the stack. Everything
>> else is superfluous.
>>
>> This is really bikeshedding. It is not going to simplify implementation by
>> an iota and it is going to create yet another
>> special case to support.
>>
>> I don't think the crypto community wants to support yet another key
>> format. Even if that format is 'merely' a subset of
>> an existing format.
>>
>
> The alternative is shipping a bunch of nonsense fields for eternity. If
> you assume that the self signed certs will migrate to DNSSEC validation,
> then that would be the vast majority of certificates out there. The
> crypto community should not want that either, though I don't claim to
> represent them.



Just like the useless Edison light bulb screw fitting that has been the
standard here for over a century despite better options, the existing
standards will continue until there is a paradigm shift that cannot be
accommodated in a backwards compatible manner (e.g. halogen bulbs).

What is being discussed here is not such a paradigm shift.


There are many things in the world that are bad and worth changing. ASN.1 is
bad, but it is not one of them.

You do not make code simpler by introducing additional code paths. You only
make code simpler if you remove them. The way to make this code base simpler
is to remove the code path that you are proposing.



-- 
Website: http://hallambaker.com/