Ian G wrote: > Right, but considering that this is *email* > and CAs are simply some optional extra to do > with commercial users (and we saw what they > want) then when it comes to *email* there is > no need to bash anyone's head over any issue.
I see 2 primary benefits of including a CA in the chain, firstly email is spoofable, and unless you plan to use a white list to annoy the crap out of everyone before you'll accept mail then the CA in most cases includes a minimum level before issuing, at least I don't know of any testing certs issued without a mail probe. 2nd benefit is in the revokation, how many PGP keys are floating round in cyber space that can't be revoked? -- Best regards, Duane http://www.cacert.org - Free Security Certificates http://www.nodedb.com - Think globally, network locally http://www.sydneywireless.com - Telecommunications Freedom http://happysnapper.com.au - Sell your photos over the net! http://e164.org - Using Enum.164 to interconnect asterisk servers "In the long run the pessimist may be proved right, but the optimist has a better time on the trip." _______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security