Bonatti Chris wrote :
There is great strength in this kind of modularity. We
should consider this concept in Open-PGP.
Yup.
or have the facility to have multiple principals in a single
infrastructure by using attribute<->signature bindings delivered by a
'trusted' source (i.e. (over-simplified, no flames please) in
SDSI the trusted source is one's self, or one's friend, in X.509
the trusted source is the attribute CA, in PGP everyone is a
possible trusted source) where you treat the keys
as well as the namespace as possible attributes.
This is analagous to the notion that all a CA does is bind namespace...
Anyhow,
Chris
-Pat
--
patr(_at_)xcert(_dot_)com
Public Key Available via LDAP
http://www.xcert.com