At 16:24 07/02/01 -0500, Gene Lee wrote:
> >From: "mouss" <[EMAIL PROTECTED]>
>
>What if that "other entity" was your own organization? There's no reason why
>you can't be your own CA and import your own trusted root into every
>browser/e-mail reader. That way you can have your own people register and
>enroll users. Personally, I think that would be a much more centralized,
>manageable and trusted solution than a "web of trust". In addition,
>importing a trusted root to all desktops (most times as easy as clicking a
>link on an intranet web page) is significantly less work than loading
>additional code onto the client, since S/MIME is standard on most
>reader/browser platforms.

I fully agree but this (each entity being its own CA) has proved very hard.
Note that while I don't trust those PKIs, I don't consider them to be bad
people. It's just that trust is too expensive to give away!
Also, even technical companies like RSA might have pressure from
their government or the local gov (if they export), and their commercial
needs may be more important than "principles".

Now I don't really believe in the "web of trust" of PGP. But there's no
replacement as of today. It requires more work, but once you get things
working, you know where you are :)

S/MIME is certainly a standard, but it's mostly a "commercial" companies
standard. It comes with commercial products (IE, Netscape), but less with
free products. Unless RSA develops a free version, it'll stay in this state.

All that said, the real problem with crypto is gov' control. While the
number of bits has changed, the mentalities are still there, and anyway the
control has been here for so long that it influenced technology. Also, many
companies announced crypto protection when they were proposing 40 bits (MS
and Netscape did that), which makes us suspicious when commercial companies
talk about security....


cheers,
mouss
