> Ideally, this infrastrucure is not only of technical nature, but
> keeps the differences and choice between PGP and S/MIME transparent
> to the user. [...] Compare http vs. ftp and mail vs. news.
Definitely. X.500 and WoT are opposite ends of a continuous spectrum,
and people are groping their way towards the middle. A good
implementation would cover the range, and let you pick your point.
(Note that there isn't one single globally-optimum point. For some
users, having a friend "vouch" for someone is fine for sending fairly
innocent mail. For others, they'll need a legally defendable chain of
evidence before they'll commit to that million-dollar deal.)
This was one of the inputs to the Stan API design. (Note that there's
an abstract certificate type, subclassed by specific implementations.)
Relyea and I started to work out a way one could add new verification
modules, so people working on e.g. cross-certification bang-paths could
just plug in. (Actually, more like path-discovery then verification.)
Unfortunately, religious wars are polarizing. Unless someone is paid
(or otherwise strongly motivated) to make both work in the same
framework, it won't happen.
--
Note: I'm at didyma dot org, not org dot didyma. I hate spam.
