Ian-

> It could also be overcome by adding a button on
> thunderbird to auto-generate the cert and install
> it. Later on, users that worry about dealing with
> people they don't know (a relatively small case
> in the world of email) can think about upgrading
> to a CA-signed cert. But for ordinary email,
> using root-signed certs is overkill, IMHO.

Well, you are absolutely right. A self-signed cert mechanism could easily be included in a browser, mail client... or PGP for that matter. That they aren't could be due to multiple factors... and I just don't have the patience to parse out the inside politics.

But for the life of me, I don't understand PGP/GPG's reluctance to do this. I also don't like the knee-jerk reaction to a more formalized PKI structure evident in the PGP community. I've argued the point over and over and you end up hitting a brick wall that boils down to-

CA (public or private) = greedy corporate money grubbers = bad

It's like their brain gets stuck on the term. Makes no sense.

However, as you say, just for email a Root>User format is unnecessary. Look at the limited key signing in PGP... Most email does not matter that much. But since x509 is THE networking standard, formality is required to allow confident network access or for commercial activity. Does it have its problems and issues? Yes, but so does any other authentication protocol.

However, for the issue presented in this thread, xCA is a great utility, offers several hash choices in key formation, unlimited key size, nice GUI, 3DES-protected database... Just the thing Ms. Knoell needs if she does not want to go through the hassle of setting up a certificate server.

Yours-
Ridge

"Ian Grigg" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
<snip>

_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
