From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 7 May 1996 14:04:37 +0800
To: raph@cs.berkeley.edu
Subject: Re: PGP, Inc.
Message-ID: <01I4E39N3LA28Y583T@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"raph@cs.berkeley.edu"  "Raph Levien"  5-MAY-1996 13:47:16.83

>   "Observers say SMIME's capabilities will let it replace software
>   based on the PGP code, which is widely used. Unlike SMIME, which uses
>   a structured certificate heirarchy, PGP relies on pre-certification
>   of clients and servers for authentication, a limitation SMIME doesn't
>   face."

	Can one use a web-of-trust for S/MIME, for the cases when a structured
hierarchy is exactly the _wrong_ thing to use? I'd think so, but I don't know
anything about it.

>   Thus, it's a reasonable guess that almost all S/MIME messages that
>pass through the wires will offer "virtually no protection," to quote a
>phrase from a paper co-authored by the principal designer of S/MIME's
>encryption algorithms
>(http://www.bsa.org/policy/encryption/cryptographers.html).

	A public breaking of some S/MIME messages would work to discourage
this unsafe mechanism. One wonders if PGP Inc. could sponsor some variety of
contest?
	-Allen