Ian- Thanks for the reply
> I also have been bashing my head
> against these things and people really get
> nervous when their assumptions are shown to
> be wrong (e.g., the CA model in S/MIME is
> based on a no-prior-relationship assumption
> from HTTPS, which is suspicious in HTTP,
> but totally wrong with email).

Well, my problem was the blind dismissal of a structured PKI in favor of an amorphous Web of Trust. Saying a Thawte authentication is worthless, but standing up in a room full of strangers declaring ownership of a key is somehow more meaningful. Trust is a very personal thing and is shaded different grades for different things. My view is that *as a mechanism* PKI offers a parallel to our everyday experience in dealing with strangers and requiring some sort of ID. If and how much you trust that ID really depends on the circumstances it's used for.

As for x509, it is used in the vast majority of PKe, not only https but is the preferred authentication standard for IPSec in larger applications, is in every installation of Windows 2k and XP, has been designed into Active Directory, will apparently be even more completely incorporated into Longhorn, and is being considered as the authentication element of IPv6. The new HIPAA standards list it as an approved security element and it is the one most accessible to the medical IT infrastructure. Even PGP Corp has incorporated S/MIME in its new mail proxy release PGP Universal. So it's there and is more popular every day.

With several free applications (and easy GUIs) out there, the monopoly on cert generation has been broken and we are back where we started, self signed or private pk structures. With a little more flexibility, open sourced Thunderbird and open sourced cert generation, the benefits of OpenPGP would lessen.

Yours-
Ridge

"Ian Grigg" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
<snip>
