From:  Anne & Lynn Wheeler <[EMAIL PROTECTED]>
> drastically improving the useability of the interface 
> to the trusted public key repositories could be viewed 
> as having two downsides 1) certification authorities 
> that haven't payed to have their public keys preloaded 
> can more easily join the club, 2) the pgp-like 
> scenario becames much easier, potentially drastically 
> reducing existing reliance on the 
> digital-certificate-only (and certification authority 
> only business process) digital-signed-operation model.

I would state the same thing differently:  That the 
revenue model is based on sprinkling holy water over 
communications, rather than actually providing security.

Hence the proposal to address phishing by providing 
higher priced grades of holy water.

Public keys are relevant to the problem of decentralized 
reputation management.  For relationship management, 
shared secrets are better.   At present, the only widely 
applied reputation management software is that possessed 
by Ebay - which uses centralized reputation management 
software, so that it can charge people a fee for making 
use of their own reputations, and thus has no inherent 
need or desire for public keys.

After all these years, we still do not have a good fit 
between the capabilities of the technology, the 
usability of the interface, and the problems people need 

         James A. Donald

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to