Re: PKIs and trust

At 2:48 PM -0500 12/14/03, Keith Moore wrote:

All of those statements, assertions, and so on can be made insimple signed messages. When you get a message with statementsabout your job, you verify that the message has been signed usingyour boss' public key. What's the problem here?
Some of the problems occur when I start trusting software to tell mewhether to believe in the identity, authority, or role claimed bysomeone I don't know personally. It gets worse if I start trustingsoftware to make decisions based on the things that people I don'tknow personally tell me.


You're talking about a problem with software, not with the standards.

You started this thread with:

At 12:12 PM -0500 12/14/03, Keith Moore wrote:

Until PKIs are able to represent the rich diversity of trustrelationships that exist in the real world, they are merecuriosities with marginal practical value.

PKIs are able to represent the blah blah blah; your software isn'tyet translating that into something that you want to use.


--Paul Hoffman, Director
--Internet Mail Consortium

<Prev in Thread]	Current Thread	[Next in Thread>
RE: ITU takes over?, (continued) RE: ITU takes over?, Tony Hain RE: ITU takes over?, Paul Hoffman / IMC RE: ITU takes over?, Tony Hain Re[2]: ITU takes over?, Anthony G. Atkielski Message not available Re[2]: ITU takes over?, Anthony G. Atkielski PKIs and trust, Keith Moore Re: PKIs and trust, Paul Hoffman / IMC Re: PKIs and trust, Keith Moore Re: PKIs and trust, Paul Hoffman / IMC Re: PKIs and trust, Keith Moore Re: PKIs and trust, Paul Hoffman / IMC <= Re: PKIs and trust, Leif Johansson Re: PKIs and trust, Masataka Ohta Re: PKIs and trust, Franck Martin Re: PKIs and trust, Valdis . Kletnieks Re: PKIs and trust, Keith Moore Re: PKIs and trust, Masataka Ohta Re: PKIs and trust, Masataka Ohta RE: PKIs and trust, Al Arsenault Re: PKIs and trust, Masataka Ohta RE: PKIs and trust, Al Arsenault