- From: Paul Hoffman / IMC <phoffman@imc.org>
- Date: Thu, 7 Nov 2002 10:47:42 -0800
- To: discuss@apps.ietf.org
At 12:34 PM -0500 11/7/02, Keith Moore wrote: >It seems quite reasonable to me that different MIME-based apps would >make different choices here, depending on the assumptions about >relationships between the communicating parties and which trust >model works best with each. This is a common misconception. OpenPGP authentication can be made to work in a hierarchical fashion, and PKIX authentication can be made to work in a web of trust. There is nothing inherent in either authentication mechanism that forces it in one way or another. Each format's certificates simply say "Person A says that Public Key B belongs to Person C". The way that you decide to trust or not trust a particular public key is pretty much unstated in OpenPGP and fairly obscurely stated for PKIX. Given the above, I would be hard-pressed to say to a protocol designer "based on the way the formats work, you should use this format over that one". Dave is absolutely right: the IETF should pick one for protocols to use in IETF standards. --Paul Hoffman, Director --Internet Mail Consortium
Received on Thursday, 7 November 2002 13:48:21 UTC