[19279] in cryptography@c2.net mail archive
Re: X.509 / PKI, PGP, and IBE Secure Email Technologies
daemon@ATHENA.MIT.EDU (James A. Donald)
Fri Dec 16 10:38:28 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: "James A. Donald" <jamesd@echeque.com>
To: cryptography@metzdowd.com
Date: Thu, 15 Dec 2005 11:36:26 -0800
In-reply-to: <871x0glywr.fsf@wheatstone.g10code.de>
--
From: Werner Koch <wk@gnupg.org>
> You need to clarify the trust model. The OpenPGP
> standard does not define any trust model at all. The
> standard merely defines fatures useful to implement a
> trust model.
"Clarifying the trust model" sounds suspiciously like
designers telling customers to conform to designer
procedures. This has not had much success in the past.
People using PGP in practice verify keys out of band,
not through web of trust.
People using https tend to click through.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
9zzvV5qgyWeB4uTJn5vTjFtKeouMk46hiM0EN7Q+
4CKg4nhwvcBjl855xVUXY5XMP46ZdvXoOl8Wu0Hyb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
