On Jun 12, 2011, at 10:37 PM, Tom Metro wrote: > > And how about if you delete all your root certificates (rather > inconvenient on a web browser, but probably minimal impact on a mail > client), and instead only use certificates that you obtain direct from > the other party or through your chosen web of trust?
There is no web of trust with SSL and S/MIME. The certificate trust chains are just that: chains. They are straight lines. Looking at the Rohr example, if my contact's key had been signed by three or five people that I had already verified then the telephone verification would not have been necessary. His key would have been a node in my trust web. SSL and S/MIME don't do this. I'm sure that someone is clever enough or ornery enough to make it work, but for the rest of us it is just too cumbersome to bother. --Rich P. _______________________________________________ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
