----- Original Message -----
From: "Peter Gutmann" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, December 05, 2000 4:45 AM
Subject: Re: Is PGP broken?


> "Enzo Michelangeli" <[EMAIL PROTECTED]> writes:
>
> >Apart from standards issues, one thing I'd like to see added to popular S/MIME
> >agents is a mini-CA to issue self-signed certificates. This would allow people
> >to use S/MIME as they use PGP (who relies on the WoT anyway?), breaking the
> >dependency from hierarchical CA's. Creating such an agent would be now a viable
> >OpenSource project, without any need for expensive toolkit licenses.
>
> I have an RFC draft for this which I wrote a while back but it was rejected by
> the PKIX WG chair(s) ("I am concerned that we not turn PKIX into PGP with ASN.1
> syntax"), and I haven't had the motivation to publish it as an independent
> draft - would anyone even notice?.

I don't think we need a draft for that: is there anything in the current
RFCs preventing an S/MIME user agent from verifying an attached cert
against a locally-stored copy, rather than traversing the certification path
up to the root? Or also from installing root certs made by arbitrary peers?

Enzo
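
Added example, not part of the original message or of any S/MIME agent's code: a minimal sketch of the direct-trust check the message asks about, comparing the certificate attached to a message with a locally stored copy instead of walking a certification path. The `PinStore` class, its method names and the byte strings standing in for DER certificates are assumptions made for illustration.

```python
import hashlib
import hmac


class PinStore:
    """Locally stored peer certificates, keyed by sender address."""

    def __init__(self):
        self._pins = {}  # normalized address -> SHA-256 of the DER certificate

    @staticmethod
    def _key(address):
        return address.strip().lower()

    @staticmethod
    def fingerprint(der_bytes):
        return hashlib.sha256(der_bytes).digest()

    def install(self, address, der_bytes, replace=False):
        """Store a peer's certificate, e.g. after out-of-band confirmation.

        A different certificate for a known address is never accepted
        silently: the caller must pass replace=True to roll the pin over.
        """
        key, fp = self._key(address), self.fingerprint(der_bytes)
        old = self._pins.get(key)
        if old is not None and not hmac.compare_digest(old, fp) and not replace:
            raise ValueError("different certificate already stored for " + key)
        self._pins[key] = fp

    def check(self, address, attached_der):
        """Return "match", "mismatch" or "unknown" for an attached certificate.

        No chain is walked. A "match" only says the certificate is the stored
        one; the message signature must still be verified with its public key.
        """
        pinned = self._pins.get(self._key(address))
        if pinned is None:
            return "unknown"
        if hmac.compare_digest(pinned, self.fingerprint(attached_der)):
            return "match"
        return "mismatch"


# Constructed sample data: placeholder bytes, not real DER certificates.
ALICE_CERT = b"constructed-der-certificate-alice"
OTHER_CERT = b"constructed-der-certificate-other"
```
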


