On 02/18/2018 05:55 PM, Ben McGinnes wrote:
> So you took a system built from the outset on a security model founded
> entirely on public key exchanges between distributed and federated
> (both self-determining and self-governing) nodes ... and then spent a
> considerable amount of time and effort making that system centralised
> in order to meet certain types of common business use cases ...
>
> ... with a software package which ships with a complete implementation
> of S/MIME as well ...

No, there is no S/MIME implementation because the PKI model it relies on is inherently precarious for enterprise usage because of using third-party certificates. Once a 3rd party CA is trusted, all users it certified become trusted while those users have no business relationship with the enterprise.

> Hmm ...
>
> Okay, I just have one question:
>
> *Why?!*

The short answer is that neither S/MIME's PKI nor OpenPGP's web-of-trust is suitable for organizational uses in terms of defining trusted people for the organization. In addition, current clients of both require considerable effort at the end-user side to configure and use. For a longer analysis, here is a white paper:

https://www.cs.utah.edu/~luzhao/pub/doc/autonomous-certificate-authority.pdf

Thanks,
Lou

>
>
> Regards,
> Ben