-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[Steven Noonan]
> The only way I can think of as an accurate method of proving the
> identity of oneself is PGP. I suggest people start using it more.

The problem with PGP is that if a sender is not connected to your web of
trust, you have no more assurance of their identity than if the mail
wasn't signed at all.

For example, nobody outside my own organization should really trust my
PGP key, since it's not been signed by anyone outside my organization.
All of my "connected" signatures have long since expired.

S/MIME uses the "normal" PKI of trusted roots - Verisign, Entrust, etc.
But of course, this is why S/MIME certificates cost money, and PGP
doesn't.

Neither PGP nor S/MIME has become mainstream, because both have
significant headaches and costs with regard to PKI. One requires paying
for and managing a bunch of certificate expirations and revocations
with a vendor, another requires "keysigning parties" and leans on
loosely connected trust networks. So both are seen as more trouble than
they're worth to most people and mail administrators.

Maybe Internet Mail 2000 or one of the other standards being put forth
as an "SMTP replacement" will address these shortcomings. I hope.

Regards,
Ryan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)
iD8DBQFBeSaS9wZiZHyXot4RAgRXAJsEbeOHLVw6pVkeM3BhiPGce2x1+wCeNNE9
qCs7Sb4FRHdEqWNtduTNtC0=
=pZnj
-----END PGP SIGNATURE-----
_______________________________________________
Prime mailing list
http://hogranch.com/mailman/listinfo/prime