[All Lists] [By Thread] [By Date] [Previous] [Next]
From: Devorah
Subject: Certificate format
Date: 5 Cheshvan 5782
I have implemented X.509 parsing.
Questions:
1. Do we need distinguished names? Our subjects are URIs. 2. Do we need chain validation? We have no hierarchy. 3. Do we need key usage constraints? Our keys sign attestations.
X.509 was designed for a different problem. It assumes hierarchical trust, distinguished naming, and complex validation chains.
Our model is simpler. A flat structure. One issuer signs. Relying parties decide whether to trust that issuer.
Thread: