[Previous] [Next] [Index]
[Thread]
Re: Re- Hierarchies and Webs of
Clarification:
>>The "hierarchical approach" you are referring to is that used by PEM, based on
>>X.509. This builds on a lot of structure to constrain what you refer to as
>>"transitivity".
>
>Yes, classic PEM depended on Internet-wide X.500 deployment.
Not quite. Classic PEM's dependency is on X.500 name representations
in X.509 certificates; there is, however, no dependency on use of
an X.500 directory to store those certificates. As with any
certificate-based approach, availability of a directory or other
queriable certificate repository is highly desirable, but it was
an important feature of the PEM design to enable "in-band" transfer
of certificate chains along with messages, thus allowing a
best-effort level of operation without a globally-accessible
certificate repository.
--jl
References: