📅 Original date posted:2014-02-18
📝 Original message:[Ick, resending to list due to From: snafu(s)]
On Tue, Feb 18, 2014 at 11:47 PM, Peter Todd <pete at petertodd.org> wrote:
> What specifically do you dislike about X.509? The technical standard or
> the infrastructure around it? (IE the centralized authorities)
I'm not the one who was complaining, but what I dislike is that a
certificate can have only one issuer. Cross-signing doesn't address my
dislike: it's different enough from being a certificate's single
issuer that it leaves too much power in the CAs' hands, IMHO.
It isn't so much the centralization per se that I object to, but the
way that the technical standard encourages concentration in the
infrastructure. See
http://lair.fifthhorseman.net/~dkg/tls-centralization/#Why_does_the_architecture_encourage_concentration%3F
I've been (slowly) working on a patch to allow pki_data to contain
more than just the single certificate chain that the
single-issuer-only format insists on, but I'm making as many steps
back as forward, being unsure of the right way to do it. Implementing
an OpenPGP-based pki_type would probably be better, but hacking x509+*
seems like a lower-hanging fruit.
Bernd Jendrissek [ARCHIVE] /
npub1nv…fc33f
2023-06-07 15:13:48
in reply to nevent1q…y8gt
Author Public Key
npub1nvq5fvffrnm296rpdlknzcs00mnaedm4wp23pz3cc3vpfjh7s9xqnfc33fSeen on
wss://relay.nostr.bandPublished at
2023-06-07 15:13:48Event JSON
{
"id": "16f70b9dc7fc532d450e8d59b2f4902b468115cca19d6ad49dd4f2054d5e4a5b",
"pubkey": "9b0144b1291cf6a2e8616fed31620f7ee7dcb7757055108a38c45814cafe814c",
"created_at": 1686150828,
"kind": 1,
"tags": [
[
"e",
"60f789363ff39317a43c7819090e7091a49f0155f4597ebcc0977b391d35a9eb",
"",
"root"
],
[
"e",
"783c4442cdf2dec5b833e8f4ccf4787ccaea4f3b605b40a1f11c52f7871c650d",
"",
"reply"
],
[
"p",
"daa2fc676a25e3b5b45644540bcbd1e1168b111427cd0e3cf19c56194fb231aa"
]
],
"content": "📅 Original date posted:2014-02-18\n📝 Original message:[Ick, resending to list due to From: snafu(s)]\n\nOn Tue, Feb 18, 2014 at 11:47 PM, Peter Todd \u003cpete at petertodd.org\u003e wrote:\n\u003e What specifically do you dislike about X.509? The technical standard or\n\u003e the infrastructure around it? (IE the centralized authorities)\n\nI'm not the one who was complaining, but what I dislike is that a\ncertificate can have only one issuer. Cross-signing doesn't address my\ndislike: it's different enough from being a certificate's single\nissuer that it leaves too much power in the CAs' hands, IMHO.\n\nIt isn't so much the centralization per se that I object to, but the\nway that the technical standard encourages concentration in the\ninfrastructure. See\nhttp://lair.fifthhorseman.net/~dkg/tls-centralization/#Why_does_the_architecture_encourage_concentration%3F\n\nI've been (slowly) working on a patch to allow pki_data to contain\nmore than just the single certificate chain that the\nsingle-issuer-only format insists on, but I'm making as many steps\nback as forward, being unsure of the right way to do it. Implementing\nan OpenPGP-based pki_type would probably be better, but hacking x509+*\nseems like a lower-hanging fruit.",
"sig": "a11e41ecb93eb33d3db1676007d78c17fe8a215c23061e03445cb39e0c3366dd189beffd4d30b405818cb32e8f46614c365ea1f7502cc1a00e144c5a462f5731"
}