From: Bernd Jendrissek <bitcoin@bpj-code.co.za>
To: Peter Todd <pete@petertodd.org>
Cc: bitcoin-development@lists.sourceforge.net
Date: Wed, 19 Feb 2014 01:41:36 +0200
Subject: Re: [Bitcoin-development] BIP70 proposed changes

[Ick, resending to list due to From: snafu]

On Tue, Feb 18, 2014 at 11:47 PM, Peter Todd <pete@petertodd.org> wrote:
> What specifically do you dislike about X.509? The technical standard or
> the infrastructure around it? (IE the centralized authorities)

I'm not the one who was complaining, but what I dislike is that a certificate can have only one issuer. Cross-signing doesn't address my dislike: it's different enough from being a certificate's single issuer that it leaves too much power in the CAs' hands, IMHO.

It isn't so much the centralization per se that I object to, but the way that the technical standard encourages concentration in the infrastructure. See http://lair.fifthhorseman.net/~dkg/tls-centralization/#Why_does_the_architecture_encourage_concentration%3F

I've been (slowly) working on a patch to allow pki_data to contain more than just the single certificate chain that the single-issuer-only format insists on, but I'm making as many steps back as forward, being unsure of the right way to do it.
Implementing an OpenPGP-based pki_type would probably be better, but hacking x509+* seems like a lower-hanging fruit.