At 9:39 AM +0200 9/1/05, Stephan Neuhaus wrote:
Are we now at a point where we must admit that PKI isn't going to happen
s/happen/happen in a widely useful fashion/
for the Web
s/Web/Web and email/
and that we therefore must face the rewriting of an unknown (but presumably large) number of lines of code to accomodate PSKs?
Self-signed certificates that are fingerprinted out-of-band are better than PSKs in some situations, worse in others.
If that's so, I believe that PSKs will have deployment problems as large as PKI's that will prevent their widespread acceptance.
Bingo. --Paul Hoffman, Director --VPN Consortium --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]