Re: why OpenPGP is preferable to S/MIME (Re: NAI pulls out the DMCA stick)
--
On 23 May 2002 at 21:58, Adam Back wrote:

This won't achieve the desired effect because it will just destroy the S/MIME trust mechanism. S/MIME is based on the assumption that all CAs are trustworthy. Anyone can forge any identity for clients with that key installed. S/MIME isn't really compatible with the web of trust because of the two tier trust system -- all CAs are assumed trustworthy and all users are not able to sign anything.

Or to say the same thing in slightly different words, all CAs are perfectly and equally trustworthy, and all users are untrustworthy.

This system is inherently authoritarian. Because that authority must be restricted for it to be useful, it is inherently a pain in the ass to administer, with inherently high administrative costs.

Like socialism, S/MIME results in bureaucracy, delay, expense, and inefficiency.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
USL5cv1ggEyWtLV5o70QlHagEAxDOVzR+aGoGJyG
4r/H3bXgCwZ3aRF4U6H7Adat9jD9PjCxb1FPSgQpk
Re: why OpenPGP is preferable to S/MIME (Re: NAI pulls out the DMCA stick)
On Thu, 23 May 2002, Adam Back wrote:

On Thu, May 23, 2002 at 03:05:49PM -0400, Adam Shostack wrote:

So what if we create the Cypherpunks Root CA, which (either) signs what you submit to it via a web page, or publish the secret key?

This won't achieve the desired effect because it will just destroy the S/MIME trust mechanism. S/MIME is based on the assumption that all CAs are trustworthy.

Which is, of course, a major flaw.

S/MIME is of some value for internal corporate email for companies who can run their own CA. (The sort of people who used to be Xcert's customers.) S/MIME is of very little value outside of a closed intranet environment, for the simple reason that public CAs are mostly incompetent, untrustworthy, or both.

-MW-