--
From:                   Dave Howe <[EMAIL PROTECTED]>
> 2) Google got into the CA business; namely, all 
> GoogleMail owners suddenly found they could send and 
> receive S/Mime messages from their googlemail 
> accounts, using a certificate that "just appeared" and 
> was signed by the GoogleMail master cert. Given the 
> GoogleMail user base, this could make GoogleMail a 
> defacto CA in days.
>
> 3) This certificate was downloaded to your GoogleTalk 
> client on login, and NEVER cached locally
>
> Ok, from a Security Professional's POV this would be a 
> horror - certificates all generated by the CA (with no 
> guarantees they aren't available to third parties) but 
> it *would* bootstrap X509 into common usage,

That horse is dead.  It is not going into common usage.

SSL works in practice, X509 with CA certs does not work 
in practice.  People have been bullied into using it by 
their browsers, but it does not give the protection 
intended, because people do what is necessary to avoid 
being nagged by browsers, not what is necessary to be 
secure. 

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     mQ0rM7wYdVTuoeMRUcrpDc1V9pUqhEgUmJMtyCZZ
     469u1yKDDCKWaUWwU/LYyE/7CVNRZV7OjXCs+Kyyc



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to