ietf-smime

Re: [smime] S/MIME publishing mailing list

2015-01-23 13:26:16
On Fri, Jan 23, 2015 at 2:20 PM, Paul Hoffman <paul(_dot_)hoffman(_at_)vpnc(_dot_)org> wrote:

On Jan 23, 2015, at 11:15 AM, Phillip Hallam-Baker <phill(_at_)hallambaker(_dot_)com> wrote:
What you describe is a CA in that it issues certs.

...and also has a directory of the issued certs.

Much better to have a low fidelity CA than no CA at all.

Definitely. Maybe DANE will be a solution, but there is very little energy
there.

Comodo is currently providing free S/MIME certs to individuals which is
inside the PKIX model.

So is StartSSL. However, the problem that Michael would then have is how
many places he should look for a cert for ex(_at_)ample(_dot_)com. And what to do if
he sees two overlapping but disagreeing certs when he looks in multiple
places. Nothing new here.


Which is why I think we need TRANS type technology in the mix.

TRANS has a natural network effect. It is best to be in the big log. It is
easy to aggregate logs of public logs. Therefore there will be convergence
on a single public log that contains most of the data that matters.
_______________________________________________
smime mailing list
smime(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/smime