ietf
[Top] [All Lists]

RE: Certificate / CPS issues

2003-06-09 17:46:47
I dispute the lower risk claim. You have more control. More control
does
not mean less risk.

The PKI and the PGP model both have risks, just different risks. The PGP
model only involves the two parties; it brings the risk that the two
parties misidentify each other.  The PKI model involves a third party,
supposedly trusted by both players; it brings the risk that the third
party may make mistakes, or that the two parties mistakenly assign too
much trust to a third party. Also, any large centralized service is
bound to become a target for government and other entities.

-- Christian Huitema





<Prev in Thread] Current Thread [Next in Thread>