On Tue, 13 Dec 1994, Jeff Thompson wrote:
The new precept that MIME/PEM has adopted which you haven't mentioned is:
4. Allowing public keys to remain unpublished.
Let me pointedly ask now: Are you maintaining as a design goal of
MIME/PEM the option for users to prevent their public keys from being
transmitted or widely published?
I can't speak for the MIME-PEM guys, and haven't had a good look at the
latest draft yet. But ... what is the problem with not publicising
public keys? I can think of situations where publication isn't really
necessary:
1. Saving transmission costs after a key has been sent once to
a peer communicant.
2. A family communicating amongst its far-flung members, but which
has very little interest in communicating securely with other
parties.
3. Organised crime which would probably rather not have "The Don"
in a public key database, or enable the police to automatically
grep for messages "The Don" has signed. :-)
I can also forsee a world where there is so much junk e-mail floating
around that people regularly refuse or de-prioritize e-mail which isn't
encrypted to them personally. A public key database would be a
convenient "grep and send" magnet for the marketeers of the world.
Just a few social issues ...
Cheers,
Rhys.
--
Rhys Weatherley, Queensland University of Technology, Brisbane, Australia.
E-mail: rhys(_at_)fit(_dot_)qut(_dot_)edu(_dot_)au "net.maturity is knowing
when NOT to followup"