At 12:34 PM -0500 11/7/02, Keith Moore wrote: >It seems quite reasonable to me that different MIME-based apps would >make different choices here, depending on the assumptions about >relationships between the communicating parties and which trust >model works best with each. This is a common misconception. OpenPGP authentication can be made to work in a hierarchical fashion, and PKIX authentication can be made to work in a web of trust. There is nothing inherent in either authentication mechanism that forces it in one way or another. Each format's certificates simply say "Person A says that Public Key B belongs to Person C". The way that you decide to trust or not trust a particular public key is pretty much unstated in OpenPGP and fairly obscurely stated for PKIX. Given the above, I would be hard-pressed to say to a protocol designer "based on the way the formats work, you should use this format over that one". Dave is absolutely right: the IETF should pick one for protocols to use in IETF standards. --Paul Hoffman, Director --Internet Mail ConsortiumReceived on Thursday, 7 November 2002 13:48:21 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:08:17 UTC