[Bitcoin-development] BIP70 proposed changes
Bernd Jendrissek
bitcoin at bpj-code.co.za
Tue Feb 18 23:41:36 UTC 2014
[Ick, resending to list due to From: snafu(s)]
On Tue, Feb 18, 2014 at 11:47 PM, Peter Todd <pete at petertodd.org> wrote:
> What specifically do you dislike about X.509? The technical standard or
> the infrastructure around it? (IE the centralized authorities)
I'm not the one who was complaining, but what I dislike is that a
certificate can have only one issuer. Cross-signing doesn't address my
dislike: it's different enough from being a certificate's single
issuer that it leaves too much power in the CAs' hands, IMHO.
It isn't so much the centralization per se that I object to, but the
way that the technical standard encourages concentration in the
infrastructure. See
http://lair.fifthhorseman.net/~dkg/tls-centralization/#Why_does_the_architecture_encourage_concentration%3F
I've been (slowly) working on a patch to allow pki_data to contain
more than just the single certificate chain that the
single-issuer-only format insists on, but I'm making as many steps
back as forward, being unsure of the right way to do it. Implementing
an OpenPGP-based pki_type would probably be better, but hacking x509+*
seems like a lower-hanging fruit.
More information about the bitcoin-dev
mailing list