Ian, I hope you don't mind but I limit my response to a single core topic. <<snip>>
>So from this, I gather you want: scalability + distribution. Absolutely. >Do you want no center(s) at all? I want each organization/domain entity that can afford an SSL certificate to become a virtual CA and run their own secure messaging center. Based on the SSL certificate they can use whatever issuance policies they feel comfortable with as long as they keep inside of their "PKI sandbox" which is (by the not yet defined application), constrained regarding subject naming-schemes. This is BTW, how I believe secure e-mail should have been from the beginning; secured at the domain-level. Although that doesn't technically stop people from sending out viruses, spam, or similar, it at least makes it much less attractive because the domain owner would terminate you if it get too many complaints. Currently ISPs typically do not even authenticate SMTP requests, since there is no point, because you can "reuse" whatever domain you want and most of the time the mails get through. <<snip>> anders _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
