From: ekr@eit.COM (Eric Rescorla)
Date: Fri, 21 Jul 95 01:44:23 PDT
To: cypherpunks@toad.com
Subject: Re: Netscape the Big Win
Message-ID: <9507210844.AA17250@eitech.eit.com>
MIME-Version: 1.0
Content-Type: text/plain


Hal Finney writes:
>From: Adam Shostack <adam@bwh.harvard.edu>
>> 	Actually, it also supports Kerberos (not relevant to most of
>> us), and PGP messaging.  Although a KCA would be needed before anything
>> useful came of the PGP support, at least its there.
>
>It appears that support for PGP messaging has been removed from the
>July 1995 SHTTP draft.  So it's X.500 all the way.
><URL:http://info.internet.isi.edu/in-drafts/files/draft-ietf-wts-shttp-00.txt>

Well, X.509 for now. The Eastlake-Kaufman DNS Security work
(draft-ietf-dnssec-secext-04.txt) plus MOSS (draft-ietf-pem-mime-08.txt
--now proposed standard, awaiting an RFC number) promise to give us
a non-X.509 certification structure for the Internet. S-HTTP explicitly
looks to this work to free us from X.500. 

Note that this only marginally improves the situation, however,
since what you really want is commercial-grade certification,
and you still can't issue RSA certificates, whatever the
format, without licensing from RSADSI. This promises to be
something of an issue in the future.

-Ekr