Eric Burger wrote:
Here I agree. [The value of discourse]
1. We already offer https, so if you want to go https, you can.
2. We should figure out a way of signing (and doing the appropriate PKI)
documents. The fact we think we cannot says we basically say NO ONE
can trust the Internet. I am willing to believe S/MIME with a known
set of roots is a start.
Do we really believe #2 is not a solvable problem? If it is not
solvable (or solved), we are totally hosed.

Forget it, S/MIME and PKI(X) are a dead-end road for long-term
signatures on documents. While it might be OK for I-Ds for
their official 6-month validity period, it is useless for RFCs,
which often have a 10+ year lifetime. Long beyond the lifetime
of certificates and the willingness of CAs to respond to
revocation status queries.
-Martin