[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PGP, Inc.



From:	IN%"[email protected]"  "Raph Levien"  5-MAY-1996 13:47:16.83

>   "Observers say SMIME's capabilities will let it replace software
>   based on the PGP code, which is widely used. Unlike SMIME, which uses
>   a structured certificate heirarchy, PGP relies on pre-certification
>   of clients and servers for authentication, a limitation SMIME doesn't
>   face."

	Can one use a web-of-trust for S/MIME, for the cases when a structured
hierarchy is exactly the _wrong_ thing to use? I'd think so, but I don't know
anything about it.

>   Thus, it's a reasonable guess that almost all S/MIME messages that
>pass through the wires will offer "virtually no protection," to quote a
>phrase from a paper co-authored by the principal designer of S/MIME's
>encryption algorithms
>(http://www.bsa.org/policy/encryption/cryptographers.html).

	A public breaking of some S/MIME messages would work to discourage
this unsafe mechanism. One wonders if PGP Inc. could sponsor some variety of
contest?
	-Allen