Digital certificates provide the accreditation component that is the
principal value in the only two cryptography schemes that have been
an unqualified success - SSL-driven e-commerce and the Authenticode scheme.
Sure there are people who claim there is no value from certificates
that cannot be provided through a web of trust. The real issue is
accountability. I designed my procedures so that each employee in the
CA center is accountable for their actions; as a company we agree to
be held accountable within the bounds of predefined limits to the
parties relying on our certificates.
Sure you can build peer-to-peer type networks. But peer-to-peer trust
networks are complex and unwieldy. That is why pretty much every
B2B scheme that starts as bilateral relationships quickly moves
to a Value Added Network model: you authenticate to the hub and
then you can talk to anyone.
The Web has peer-to-peer aspects; eliminating the central hub was
what made the network hypertext model work. But look at Google and
you will see that the search model is not peer-to-peer.
If so, what kind of trust systems would work in email?
Yakov
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg