At 2:48 PM -0500 12/14/03, Keith Moore wrote:
>> All of those statements, assertions, and so on can be made in
>> simple signed messages. When you get a message with statements
>> about your job, you verify that the message has been signed using
>> your boss' public key. What's the problem here?
>
> Some of the problems occur when I start trusting software to tell me
> whether to believe in the identity, authority, or role claimed by
> someone I don't know personally. It gets worse if I start trusting
> software to make decisions based on the things that people I don't
> know personally tell me.
You're talking about a problem with software, not with the standards.
You started this thread with:
At 12:12 PM -0500 12/14/03, Keith Moore wrote:
> Until PKIs are able to represent the rich diversity of trust
> relationships that exist in the real world, they are mere
> curiosities with marginal practical value.
PKIs are able to represent the blah blah blah; your software isn't
yet translating that into something that you want to use.
--Paul Hoffman, Director
--Internet Mail Consortium