--On Monday, February 23, 2004 20:58:42 +0100 Kurt Jaeger <lists@complx.LF.net> wrote:
I object on making x.509 the sole method of authenticated communication with RIPE.
There's GPG, and it works, now.
X.509 is not the way to go. It's just a (needless) duplication of effort. And wading forever in the mess of "do we use this protocol/format or that" and so on.
I would have to concur with this objection. PGP/GPG works, it is well suited to workflow, requires few special tools (bar pgp software) on the client side, and is an established method.
Forcing certificate handling onto the LIR community is NOT good service, it is IMNSHO overcomplication. PKIen have their uses, but this is not one.
I say NO to X.509.
I completely disagree. You can say no all you like but frankly for many organisations PGP/GPG is simply not an option because there are a number of issues related to management of keys and users. I suspect an audit of many organisations using PGP/GPG would find alarming issues with the way these are deployed and used. X.509 maybe somewhat overcomplicated [and I don't agree with that fully anyway] for this specific application but if you already have a platform and many organisations do, then its a trivial expansion. Rolling out GPG/PGP across large organisations is just as much of an issue as deploying a PKI system. Whether you like or not X.509 is here and its likely to be here to stay and it works pretty well in my experience. So I welcome the RIPE NCC's direction on this. Regards, Neil.