On Sep 10, 2013, at 12:32 PM, Phillip Hallam-Baker
<hallam(_at_)gmail(_dot_)com> wrote:

> The CA NEVER ever gives the user the key in any of the systems I have worked
> on.

This appears to be untrue.
Comodo offers that exact service today.
https://secure.comodo.com/products/!SecureEmailCertificate_Signup

The Comodo service generates the key pair for you. This means that they have
your private key. We would hope that they would behave responsibly, but we
don't have the assurance we would have if we generated the key pair and sent
them only the public half.

> Eliminate the CA and you eliminate the parties with the incentive to sell the
> solution.

Who cares? You can't get people to buy what they don't want.

> Whatever scheme is picked to complete secure email there is going to be a
> problem finding end users' certs and end user policies. And there may be a
> market for solving that problem just like there is a market for blocking
> spam.

There is a market for it, but right now it's very small, because nobody but
people whose activities _require_ a secure channel are interested in the
product.