[8199] in cryptography@c2.net mail archive
Re: Is PGP broken?
daemon@ATHENA.MIT.EDU (Enzo Michelangeli)
Tue Dec 5 01:07:36 2000
Message-ID: <006901c05e70$9cad3900$6000a8c0@em>
From: "Enzo Michelangeli" <em@who.net>
To: <pgut001@cs.auckland.ac.nz>, <cryptography@c2.net>
Date: Tue, 5 Dec 2000 12:04:55 +0800
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit
----- Original Message -----
From: "Peter Gutmann" <pgut001@cs.auckland.ac.nz>
To: <cryptography@c2.net>; <em@who.net>; <pgut001@cs.auckland.ac.nz>
Sent: Tuesday, December 05, 2000 4:45 AM
Subject: Re: Is PGP broken?
> "Enzo Michelangeli" <em@who.net> writes:
>
> >Apart from standards issues, one thing I'd like to see added to popular S/MIME
> >agents is a mini-CA to issue self-signed certificates. This would allow people
> >to use S/MIME as they use PGP (who relies on the WoT anyway?), breaking the
> >dependency from hierarchical CA's. Creating such an agent would be now a viable
> >OpenSource project, without any need for expensive toolkit licenses.
>
> I have an RFC draft for this which I wrote a while back but it was rejected by
> the PKIX WG chair(s) ("I am concerned that we not turn PKIX into PGP with ASN.1
> syntax"), and I haven't had the motivation to publish it as an independent
> draft - would anyone even notice?

I don't think we need a draft for that: is there anything in the current
RFC's preventing an S/MIME user agent from verifying an attached cert
against a locally-stored copy, rather than traversing the certification path
up to the root? Or also from installing root certs made by arbitrary peers?
Enzo
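
The check discussed in the message above, comparing an attached certificate against a locally-stored copy instead of walking a path to a root, sketched as an added example that is not part of the original message or of any S/MIME agent. The `LocalCertStore` class, its method names, the example.org addresses and the placeholder certificate bytes are all assumptions made for illustration.

```python
import hashlib
import hmac
import ssl


class LocalCertStore:
    """Direct trust: sender address -> SHA-256 of the DER certificate the
    user installed, consulted instead of building a path to a root CA."""

    def __init__(self):
        self._pins = {}

    @staticmethod
    def fingerprint(cert):
        # Accept PEM text or DER bytes; always hash the DER encoding so the
        # same certificate gives the same fingerprint in either form.
        if isinstance(cert, str):
            cert = ssl.PEM_cert_to_DER_cert(cert)
        return hashlib.sha256(cert).hexdigest()

    def install(self, sender, cert):
        """Record the locally-stored copy for this correspondent."""
        # Lower-casing the whole address is a simplification for the example.
        self._pins[sender.strip().lower()] = self.fingerprint(cert)

    def check(self, sender, attached_cert):
        """Return 'match', 'mismatch' or 'unknown' for an attached cert."""
        pinned = self._pins.get(sender.strip().lower())
        if pinned is None:
            return "unknown"    # no local copy: not trusted by default
        if hmac.compare_digest(pinned, self.fingerprint(attached_cert)):
            return "match"
        return "mismatch"       # different cert under a known address


# Constructed placeholder bytes standing in for two DER certificates; they are
# not valid X.509, which is fine here because the store never parses them.
ALICE_DER = b"\x30\x82\x01\x0a" + b"constructed-cert-alice" * 8
OTHER_DER = b"\x30\x82\x01\x0a" + b"constructed-cert-other" * 8

store = LocalCertStore()
store.install("alice@example.org", ALICE_DER)

if __name__ == "__main__":
    attached = ssl.DER_cert_to_PEM_cert(ALICE_DER)  # PEM form of the same cert
    print(store.check("Alice@Example.org", attached))
    print(store.check("alice@example.org", OTHER_DER))
    print(store.check("bob@example.org", ALICE_DER))
```

A "match" only says the attached certificate is byte-for-byte the installed one; the message signature still has to verify under that certificate, and how the local copy was obtained remains the actual trust decision.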