Nelson B Bolyard wrote:
>> I want each organization/domain entity that can afford an SSL certificate
>> to become a virtual CA and run their own secure messaging center.
>Why SSL certs? Why not email certs?

Could it be the fact that the SSL PKI exists?

Email certs are a nice idea that requires that organizations buy into something like VeriSign's OnSite concept or into completely bizarre stuff like the US FBCA ( http://www.cio.gov/fpkipa ).

Only governments have proved to be interested in becoming a part of a PKI trust network. The concepts they work with are appallingly stupid. NASA, for instance, uses an Aerospace PKI for their suppliers, ignoring the fact that 90% of all invoices are from suppliers that are not in Aerospace (catering, transports, office supplies etc. etc.).

More "fun":
http://www.imc.org/ietf-pkix/mail-archive/msg05024.html

That is, if success is irrelevant you have many choices. If OTOH success is a core component, the number of options is pretty limited. The choice is yours!

>The IM service I mentioned before allows users to use certs from any CA.
>Each user's client decides which certs are acceptable, not the service.

Oops! *My* target is users that do not know what a certificate is! Then the rest becomes rather unimportant since it is about comparing apples and oranges and we already know that strawberries are better :-)

I believe Eddy's Jabber stuff is rather close to what I propose, since it indeed gives the service an issuing capability, if I have not read the docs too badly.

Anders
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto