The advantage of PGP's model is that it doesn't require hours and hours
of legal fees to set up all of the contracts for the various PCA and
CA's, with all of the indemnifications and disclaimers of liabilities.
But about about those hours and hours lost trying to build a certification
path to a PGP public key? A simple finger or e-mail operation may give
the common user a certain degree of trust (and PGP allows, fortunately,
different
levels of trust), but is it really safe? Maybe it takes a great amount
of time to get things going, but it should compensate, in te long terms.
You don't get to a long term without having a short term first. This is why
whatever scheme is adopted needs to be able to handle both short and long term
needs. Getting people to deploy something they cannot immediately use is
extraordinarily difficult if not completely impossible.
My point is: if you really want to do the things properly ( in
verifying other's public key), the use of CA and PCA should be of a
great advantage.
Of course they are. Everybody agrees on this. But you have to be able to
justify their existance, and the key to that in my view is the ability to
bootstrap them off of a simpler mechanism.
The idea has also been put forward that we should effectively bootstrap PEM by
using PGP to provide the simpler mechanism first. Excuse me, but that's just
not how things on the Internet work. Whatever most places end up with first is
what they will continue to use, and if it proves to be inadequate it will be
incrementally enhanced rather than switching to a new form of service. The only
time that things really get replaced is when there are fundamental limitations
to deal with, and there aren't any such limitations in PGP.
IP, MIME, and sendmail provide existance proofs of this concept at the network,
messaging, and implementation levels respectively.
Ned