L. Sassaman: Tuesday, June 27, 2000 12:43 PM
There are many issues too detailed to go into here that should be formally addressed in regards to keyservers. If the keyserver infrastructure does ramp up, I think that an RFC will be in order. Anyone with the IETF here? Who would I talk to about forming such a WG? Is a keyserver standard within the scope of the IETF?
I get a real good chuckle out of this thread.<g>

1) Randy hisself is a prominent member of the IETF.
2) Having co-chaired a WG, I suspect that Randy may even know how it's done.
3) I'd bet a small amount of change that Randy has already started the wheels in motion, even before he sent the first message.
4) I suspect that this thread exists to measure the level of interest among the major players.

Now for something on-topic; Yes, Internet PKI, in its present state, sucks. Yes, there is a need, but the architecture definitely needs a look-see. Personally, I think it grossly inadequate and there ain't no way that it can be made as reliable as DNS, in its present form. It's basically a poor-man's TLS with about half the forethought. Personally, I've been working with X.509 certs as an improvement over basic PGP, but again, the PKI sucks there as well.

But, as a previous poster already brought to surface, the users must have an interest in this service or NONE of the ISPs will be interested in deployment. The reason that existing PKI sucks is mainly a lack of serious user interest. There are NO production-level PKI servers out there today. None of them will commit to an SLA and there are too few customers that will pay the required bucks to support a decent SLA, for a PKI infrastructure. Build it and they will NOT come, yet.

As usual, this is only an opinion

---
R O E L A N D M . J . M E Y E R
CEO, Morgan Hill Software Company, Inc.
An eCommerce and eBusiness practice providing products and services for the Internet.
Tel: (925)373-3954
Fax: (925)373-9781