From: shamrock@netcom.com (Lucky Green)
Date: Thu, 9 May 1996 06:04:51 +0800
To: Raph Levien <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: PGP, Inc.
Message-ID: <v02120d13adb5e740aeeb@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:46 5/7/96, Raph Levien wrote:
[...]
>   The S/MIME spec indicates the use of X.509v3 certificates, which, in
>turn, are explicitly allowed to contain trust roots originating in the
>client's local configuration. In other words, yes, the spec allows for a
>Web of trust.
>   The big question, of course, is how easy the key management will be
>in such a case. Everything I've seen points to key management being
>super-easy if you use VeriSign certs, and probably just as bad as PGP
>otherwise. Unlike PGP, most e-mail clients will probably not come
>configured with the capablity to sign other keys - in the X.500 world,
>e-mail clients and "certification authorities" are two separate
>applications.

Since VeriSign is going to issue certs for nyms for free, the only
requirement being uniqueness, using their certs might not prove much of a
problem.


Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.