Julien Pierre wrote:
... as it would cause the application to produce errors in cases the standards state are valid...
When I said that the two models are complementary, I was assuming that both the software and the user would know whether the secured interaction is operating under TTP *or* KCM, I was specifically *not* assuming something like one of the in-vogue efforts to "strengthen" TTP model by piggy-backing KCM on top of TTP. It appears to me that the distinction between the two is so substantial that no user will have any problem understanding it. Indeed, if there are problems in the current TTP-only system - ad there seems to be a general agreement there are - then a clear understanding of the role and presence of the trusted third party (now lacking, in the mind of most users) would improve the security, even in TTP interactions. cdr _______________________________________________ mozilla-crypto mailing list mozilla-crypto@mozilla.org http://mail.mozilla.org/listinfo/mozilla-crypto