pem-dev

Re: Re: Articulation of PGP point of view?

1993-10-25 12:09:00
   Date: Mon, 25 Oct 93 12:50:41 EDT
   From: jueneman%wotan(_at_)gte(_dot_)com

   The issue of whose digital signature is to be _trusted_, and to what
   extent, must be decided by the individual recipient. The de facto
   assumption within the Privacy Enhanced Mail community is that the
   entire certificate chain is displayed for the user's edification for
   each message, and the user makes a decision as to the believability
   of that message one at a time. 

Actually, no, this is not correct; and this points to one of the
fundamental assumptions between PEM and PGP.  One of the base
assumptions for PEM is that users are too stupid to figure out whether
or not a given certification chain is valid.  They will see a bunch of
weird X.400 series that will have little or no meaning to them, and they
will blindly hit the "OK" button.  (Keep in mind, we're dealing with
Suits here.  :-)

Hence, PEM's assumption, which is written into the RFCs, is that users
will only be presented with the DN of the originator; and will get a
warning message if the PCA of the originator is different from the
"home" PCA of the recipient.  (Because in that case, the policy of the
sender will be different from the policy that the recipient is generally
used to, so the recipient should be warned.)

In contrast, PGP assumes that the recipient can use a little bit of
intelligence in verifying the certification path.  But PEM does not make
this assumption, and it is from that assumption that a lot of the hair
of PEM (like name subordination, and the whole IPRA/PCA structure)
comes.

                                                - Ted

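As an added illustration (not part of this thread, and not code from any PEM or PGP implementation), the following Python model contrasts the two presentation policies Ted describes: the PEM-style client validates the IPRA/PCA/CA/user chain silently, shows the recipient only the originator's DN, and raises a warning when the originator's PCA is not the recipient's home PCA; the alternative the first poster assumed hands the whole chain to the recipient to judge. Every certificate, DN and role label here is constructed sample data; name subordination is applied in a simplified form (only to certificates issued by a CA) and signature verification is modelled by issuer/subject linkage alone.

```python
"""Toy model of the PEM-style presentation policy: validate the chain,
display only the originator DN, warn on PCA mismatch.  All data below is
constructed for illustration; the structures are not real PEM/X.509."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Cert:
    subject: str  # DN written "C=US, O=Example Corp, OU=Eng, CN=Alice"
    issuer: str   # DN of the certificate's signer
    role: str     # "IPRA", "PCA", "CA" or "USER"


def dn_parts(dn: str) -> List[str]:
    return [p.strip() for p in dn.split(",")]


def is_subordinate(child_dn: str, parent_dn: str) -> bool:
    """Name subordination: child DN must extend the parent DN by >= 1 RDN."""
    child, parent = dn_parts(child_dn), dn_parts(parent_dn)
    return len(child) > len(parent) and child[: len(parent)] == parent


def validate_chain(chain: List[Cert]) -> List[str]:
    """Return the list of problems found (empty list means the chain is valid).

    `chain` runs from the originator's USER certificate up to the IPRA root.
    Simplifying assumptions: subordination is enforced only for certificates
    issued by a CA, and a 'signature' is just issuer == next subject."""
    problems: List[str] = []
    if not chain or chain[0].role != "USER":
        problems.append("chain must start with the originator's USER certificate")
    if not chain or chain[-1].role != "IPRA":
        problems.append("chain must terminate at the IPRA")
    for lower, upper in zip(chain, chain[1:]):
        if lower.issuer != upper.subject:
            problems.append(f"{lower.subject!r} was not issued by {upper.subject!r}")
        if upper.role == "CA" and not is_subordinate(lower.subject, upper.subject):
            problems.append(f"{lower.subject!r} is not name-subordinate to {upper.subject!r}")
    return problems


def pca_of(chain: List[Cert]) -> Optional[str]:
    for cert in chain:
        if cert.role == "PCA":
            return cert.subject
    return None


def pem_presentation(chain: List[Cert], home_pca: str) -> Dict[str, object]:
    """PEM-style UI: originator DN only, plus a warning if the PCA differs."""
    problems = validate_chain(chain)
    if problems:
        return {"status": "INVALID", "problems": problems}
    pca = pca_of(chain)
    result: Dict[str, object] = {"status": "OK", "originator": chain[0].subject, "pca": pca}
    if pca != home_pca:
        result["warning"] = f"certified under PCA {pca!r}, not your home PCA {home_pca!r}"
    return result


def full_chain_presentation(chain: List[Cert]) -> List[Tuple[str, str]]:
    """The alternative policy: expose every link for the recipient to judge."""
    return [(c.role, c.subject) for c in chain]


# Constructed sample hierarchy (hypothetical names).
IPRA = "O=Internet PCA Registration Authority"
PCA_A = "O=PCA Alpha"
PCA_B = "O=PCA Beta"
CA_X = "C=US, O=Example Corp"
ALICE = "C=US, O=Example Corp, OU=Eng, CN=Alice"
CA_Y = "C=US, O=Other Org"
BOB = "C=US, O=Other Org, CN=Bob"
MALLORY = "C=US, O=Third Party, CN=Mallory"  # not subordinate to CA_Y

ROOT = Cert(IPRA, IPRA, "IPRA")
CHAIN_ALICE = [Cert(ALICE, CA_X, "USER"), Cert(CA_X, PCA_A, "CA"), Cert(PCA_A, IPRA, "PCA"), ROOT]
CHAIN_BOB = [Cert(BOB, CA_Y, "USER"), Cert(CA_Y, PCA_B, "CA"), Cert(PCA_B, IPRA, "PCA"), ROOT]
CHAIN_BAD = [Cert(MALLORY, CA_Y, "USER"), Cert(CA_Y, PCA_B, "CA"), Cert(PCA_B, IPRA, "PCA"), ROOT]

if __name__ == "__main__":
    # Recipient's home PCA is PCA Alpha: Alice passes quietly, Bob triggers the
    # cross-PCA warning, Mallory's chain fails name subordination outright.
    for chain in (CHAIN_ALICE, CHAIN_BOB, CHAIN_BAD):
        print(pem_presentation(chain, home_pca=PCA_A))
        print(full_chain_presentation(chain))
```

The point of the contrast is where the judgement happens: in the PEM-style function the software decides validity and the user sees one DN and at most one warning, whereas the full-chain view assumes the recipient will reason about each link.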