Eric S. Johansson wrote:
> On the other hand, I could go ahead and build my own certification
> authority which makes my certificates cryptographically correct but still
> effectively useless because nobody can verify the root CA certificate.

You could of course use S/MIME the same way most people use PGP: by
explicitly trusting certs they verified out-of-band. All S/MIME-enabled
mailers that I am aware of support this feature. There is no conceptual
difference between creating a PGP "key" (which is really a cert) and issuing
yourself a self-signed S/MIME cert. Nor is there a conceptual difference in
the verification and usage of either type of cert for email applications.

Should your complaint center around the fact that the S/MIME cert will show
up as invalid in the user's S/MIME client until the cert has been manually
marked as valid by the user, well, the same holds true for PGP "keys" that
don't carry signatures you consider valid. So, no, neither S/MIME nor PGP
certs remove from the user the burden to at least at one point in the
process make decisions about trust.

--Lucky
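The two separate decisions Lucky describes, as an added example that is not part of the original thread: whether a signature verifies under the signer's certificate, and whether that certificate chains to something the recipient trusts. A self-signed S/MIME certificate passes the first check and fails the second until the user adds it to their own trust store, just as a PGP key without trusted signatures does. The example uses only Go's standard library; the CMS wrapping real S/MIME uses is omitted and a PKCS#1 v1.5 signature over the message body stands in for it, an empty `x509.CertPool` stands in for a mailer whose CA store has no root covering the certificate, and the addresses and message text are constructed for the demo.

```go
package main

// Added example, not code from the original thread. Separates the two checks
// an S/MIME client makes on a signed message: (1) signature correct under the
// certificate's key, (2) certificate chains to a trusted root. A self-signed
// certificate passes (1) and fails (2) until the user explicitly trusts it.
// CMS framing is omitted; a raw PKCS#1 v1.5 signature stands in for it. The
// addresses and message text below are constructed for this demo.

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

const (
	VerdictBadSignature = "invalid signature"
	VerdictWrongSender  = "valid signature, certificate not issued for sender"
	VerdictUntrusted    = "valid signature, certificate not trusted (no trust anchor)"
	VerdictTrusted      = "valid signature, trusted certificate"
)

// SelfSignedMailCert issues a self-signed certificate shaped for S/MIME use:
// the email address is in the subject alternative name and the extended key
// usage is limited to email protection. The issuer is the subject itself.
func SelfSignedMailCert(email string) (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: email},
		EmailAddresses:        []string{email},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
		BasicConstraintsValid: true,
		IsCA:                  false,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// Fingerprint is what the recipient compares out-of-band (phone, in person)
// before deciding to trust the certificate: SHA-256 over the DER encoding.
func Fingerprint(cert *x509.Certificate) string {
	return fmt.Sprintf("%X", sha256.Sum256(cert.Raw))
}

// SignMessage signs SHA-256(msg) with PKCS#1 v1.5, the primitive under an
// RSA S/MIME signature.
func SignMessage(key *rsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, h[:])
}

// SignatureValid is check (1). It is true for a self-signed cert too: the
// math does not care who issued the certificate.
func SignatureValid(cert *x509.Certificate, msg, sig []byte) bool {
	return cert.CheckSignature(x509.SHA256WithRSA, msg, sig) == nil
}

// SenderMatches rejects a correct, trusted signature made under a cert that
// was never issued for the claimed From address.
func SenderMatches(cert *x509.Certificate, from string) bool {
	for _, e := range cert.EmailAddresses {
		if strings.EqualFold(e, from) {
			return true
		}
	}
	return false
}

// CertTrusted is check (2): chain to a root in the user's own store, usable
// for email protection. Passing an empty pool means "trust nothing yet"; the
// system CA store is deliberately not consulted.
func CertTrusted(cert *x509.Certificate, roots *x509.CertPool) error {
	_, err := cert.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
	})
	return err
}

// Evaluate combines the checks into the verdict a mailer would display.
func Evaluate(cert *x509.Certificate, roots *x509.CertPool, from string, msg, sig []byte) string {
	if !SignatureValid(cert, msg, sig) {
		return VerdictBadSignature
	}
	if !SenderMatches(cert, from) {
		return VerdictWrongSender
	}
	if err := CertTrusted(cert, roots); err != nil {
		var unknown x509.UnknownAuthorityError
		if errors.As(err, &unknown) {
			return VerdictUntrusted
		}
		return "valid signature, certificate rejected: " + err.Error()
	}
	return VerdictTrusted
}

func main() {
	cert, key, err := SelfSignedMailCert("alice@example.invalid")
	if err != nil {
		panic(err)
	}
	msg := []byte("Meet at noon.")
	sig, err := SignMessage(key, msg)
	if err != nil {
		panic(err)
	}
	fmt.Println("fingerprint to confirm out-of-band:", Fingerprint(cert))
	// Before Bob has trusted anything: cryptographically correct, still "invalid".
	fmt.Println("empty trust store: ", Evaluate(cert, x509.NewCertPool(), "alice@example.invalid", msg, sig))
	// Bob checked the fingerprint with Alice and marks the cert trusted.
	bobsStore := x509.NewCertPool()
	bobsStore.AddCert(cert)
	fmt.Println("explicitly trusted:", Evaluate(cert, bobsStore, "alice@example.invalid", msg, sig))
	fmt.Println("tampered body:     ", Evaluate(cert, bobsStore, "alice@example.invalid", []byte("Meet at midnight."), sig))
}
```

The trust decision lives entirely in which certificates go into `bobsStore`; nothing about the certificate itself changes between the "invalid" and "trusted" runs, which is the point of the message above.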
