[10437] in cryptography@c2.net mail archive
why there is no WoT in S/MIME (Re: PGP & GPG compatibility)
daemon@ATHENA.MIT.EDU (Adam Back)
Mon Feb 11 13:38:36 2002
Date: Mon, 11 Feb 2002 09:33:32 +0000
From: Adam Back <adam@cypherspace.org>
To: Russell Nelson <nelson@crynwr.com>
Cc: Lucky Green <shamrock@cypherpunks.to>,
cryptography@wasabisystems.com
Message-ID: <20020211093332.A535341@exeter.ac.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <15463.18177.339810.586737@desk.crynwr.com>; from nelson@crynwr.com on Sun, Feb 10, 2002 at 11:28:04PM -0500
The fact that S/MIME doesn't work well with WoT, and that there are
two classes of users: end users, and CAs is a design criteria burnt
into the spec and most of the software. It's a business issue, the CA
players were involved in writing the standards, and they have a vested
interest to force users into paying them money to use the software.
It's also a factor why most of the statistic of users with S/MIME MUAs
aren't using it. I think S/MIME would be more widely used by
individuals if the end-user software worked without CA certificates
and preferably supported some form of WoT.
Adam
On Sun, Feb 10, 2002 at 11:28:04PM -0500, Russell Nelson wrote:
> Well, one of the things that PGP/GPG/OpenPGP got right is the web of
> trust model. Given that model, there is nothing preventing someone
> from imposing a certificate authority on top of that web. On the
> other hand, I know of know way to make S/MIME work without a
> certificate from an authority.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
