From daemon(_at_)ns Thu Jan 5 09:30 PST 1995
Is it absolutely too late to try to turn back the clock, salvage
the excellent work done in the MIME area, and graft it back on to
an mildly extended RFC 1422 certificate-based processing scheme along
the lines I sketched above?
Well, we could nuke the new key management stuff, endorse self-signed
certificates as an alternate security model, and leave the rest
unchanged. I
would have no problem with this.
That would satisfy at least 95% of my concerns. The result might not be
absolutely
perfect, but would certainly constitute a solid basis for further
development,
should that be needed.
Sounds good to me. [Jeff Thompson]
Let me just add that I have always considered bootstrapping small
groups of users with self-signed certificates as a reasonable
compromise between totally free-form certification, and strict
top down certification.
This permits a reasonable path to the scalability of the top
down approach (when the infrastructure is established) from the
bootstrapping issues encountered by small groups of users
when the infrastructure is lacking.
Ashar.
Thanks, Ashar and Jeff, and particularly Amanda. I fervently hope we are getting
somewhere.
Bob