On Fri, 1 Oct 2004, Tony Finch wrote:
On Fri, 1 Oct 2004, James M Galvin wrote:
>
> My point is that both the S/MIME and PGP technologies (there is a third,
> RFC1848-MOSS, which I only mention I believe is applicable because we're
> not talking about solutions) are agnostic on all three points.
Being agnostic about key distribution is a serious problem. We need
something that dramatically simplifies it, i.e. no central authorities
(like S/MIME) or distribution networks (like PGP) that add friction to
deployment.
We need to separate 'agnostic' from "key distribution".
I agree completely that "key distribution" is an issue. Being
"agnostice" means that all the technologies will work with any key
distribution mechanism.
Both S/MIME and PGP are profiled with a preferred key distribution
mechanism, but at one extreme all technologies will work with manually
provided and managed keys. So, we could reasonably substitute any
suitable key distribution system for any of the technologies.
That is what I mean by "agnostic" with respect to "key distribution." I
consider it a feature that the technologies are agnostic on this point.
Jim