If I was really wanted to continue this thread indefinitately, I
would observe that you could accomplish virtually the same thing with
a Persona certificate. But I won't. :-)
Sure, and you could also do it with a self-signed certificate, which would be
even easier than using a persona CA, and with less exposure (since no third
party is involved, there are not even tenuous records of the issuance of the
certificate). But using certificates to provide repudiability is a little
like teaching a bear to dance. Yes, it's possible, but it's not what the bear
was designed to do, and it's not a very good dance...
After all, I could also use RFC1421 to send secure MIME messages. All I would
have to do is define a "Content-Domain: MIME" and interpret the payload as a
MIME message. However, I don't think anyone here would claim that this is the
right way to do it--if it were, these last couple of years of discussion and
experimentation would be moot.
I am suddenly reminded of the Caller-ID debate; perhaps some of the
disagreements here are similarly based on differing assumptions concerning
what the default/desirable cases are. The more I think about it, the more I
suspect this may be the case.
It is obvious to you that self-authenticating messages are the default,
and that other applications are exceptions. It may be just as obvious to Ned
and Jim that the reverse is true. YOU BOTH HAVE GOOD POINTS.
However, I don't see how we can reconcile them by doing anything other than
doing what the current proposal does, which is to provide a mechanism for both
modes of operation and let the use of one or both of them be a policy
decision. I also like keeping the modes distinct is users' minds, so that
they can weight the benefits and costs of each with as little confusion as
possible.
People are much more likely to grasp the difference between "Certified" and
"Uncertified" than between "self-certified" and "CA-certified".
Amanda Walker
InterCon Systems Corporation