Fwd: Re: Crypographically Strong Software Distribution HOWTO

[Greg Broiles]

More from Rodney - I'm avoiding the "is law relevant?" branch of this 
thread because I think it's wandering off-topic, but can continue in 
private email if any of the participants think it's likely to be productive.

>Date: Sat, 07 Jul 2001 08:33:29 -0700
>To: Greg Broiles <gbroiles at well.com>
>From: Rodney Thayer <rodney at tillerman.to>
>Subject: Re: Crypographically Strong Software Distribution HOWTO
>
>(I can't tell where the signal and where the noise is in this thread,
>so I'll just say this to you, feel free to forward.)
>
>PKIX and it's legacy ancestor, X.509, have a 'revocation reason'
>field in the CRL mechanism.  However, it's not used -- but then
>again Verisign and others don't really use revocation so that's not
>necessarily a good example.  It's more interesting to note that,
>when people try to ask about revocation reasons, it turns out
>there's little consensus (e.g. in the IETF community) on the need
>for revocation reason.
>
>I think this is because people haven't really tried to deploy these
>systems in a practical manner, rather than because of any architectural
>flaw.
>
>At 01:15 PM 7/3/01 -0700, you wrote:
>
>
>>Because current systems don't, to my knowledge, allow the creators of 
>>revocations to specify the reason(s) for revocation, I wonder if it would 
>>be better to rely on short-lived keys or certs which are renewed 
>>frequently during a person's membership or association with a group.
>
>

--
Greg Broiles
gbroiles at well.com
"Organized crime is the price we pay for organization." -- Raymond Chandler




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com