-- From: Dave Howe <[EMAIL PROTECTED]> > 2) Google got into the CA business; namely, all > GoogleMail owners suddenly found they could send and > receive S/Mime messages from their googlemail > accounts, using a certificate that "just appeared" and > was signed by the GoogleMail master cert. Given the > GoogleMail user base, this could make GoogleMail a > defacto CA in days. > > 3) This certificate was downloaded to your GoogleTalk > client on login, and NEVER cached locally > > Ok, from a Security Professional's POV this would be a > horror - certificates all generated by the CA (with no > guarantees they aren't available to third parties) but > it *would* bootstrap X509 into common usage,
That horse is dead. It is not going into common usage. SSL works in practice, X509 with CA certs does not work in practice. People have been bullied into using it by their browsers, but it does not give the protection intended, because people do what is necessary to avoid being nagged by browsers, not what is necessary to be secure. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG mQ0rM7wYdVTuoeMRUcrpDc1V9pUqhEgUmJMtyCZZ 469u1yKDDCKWaUWwU/LYyE/7CVNRZV7OjXCs+Kyyc --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]