[Cryptography] Why human-readable IDs (was Re: Email and IM are ideal candidates for mix networks)

Phill hallam at gmail.com
Wed Aug 28 13:36:31 EDT 2013


On Aug 28, 2013, at 11:18 AM, Dave Horsfall <dave at horsfall.org> wrote:

> On Wed, 28 Aug 2013, Perry E. Metzger wrote:
> 
>> Anyway, I've already started implementing my proposed solution to that 
>> part of the problem. There is still a need for a distributed database to 
>> handle the lookup load, though, and one that is not the DNS.
> 
> (Delurking)
> 
> This suggests the use of LDAP.


I don't see that at all. In fact I think that nothing has hurt deployment of PKI more than LDAP.

The problem for the email client is very simple:

"What is the key etc. to send email to alice at example.com"


I can solve that very easily with an HTTP lookup or a very short Web Service with JSON query syntax. If LDAP is involved there will be a consultant setting up the directory and building fancy DIT trees and racking up bills of $100,000+ for something that makes no difference to the actual query.

Now if the certs are already in an LDAP directory then fine, let's pull data from that resource. But if they are not in LDAP already there are much easier ways to interface a database of certs to a query interface.



