Robert Watson writes:
> I am wary about adding any PK support to part any of Coda at this point
> without going into a full-out design of a PK authentication system for
> Coda in general.  While it is certainly more scalable, PK still suffers
> from a lot of problems -- more in the case of end-user authentication than
> shared secret.  Also, I'm reluctant to create yet-another-PK-certificate
> system for Coda, but am not sure the other systems out there are developed
> enough at this point to use one or another.

Well, as I've said, SPKI is developing nicely. It has not yet been
standardized and the formats are still flexible, which is a benefit
for Coda since if there are any deficits in the formats they could
still be fixed. SPKI is also (relatively) simple in concept and
design.

> As was suggested in a later email, SPKI is certainly a possibility -- what
> I'd really like to see is a standard interface to the variety of
> certificate systems out there so that we can plug in arbitrary PK systems
> as we need to, be it SPKI, X.whatever, or DNSsec.  They each have their
> advantages (be it scalability, distributed or centralized management,
> etc), but I don't want to commit to one :).

You might find this is hard, given that they all have very different
ideas about trust and how naming works.

Perry