On Wed, Oct 02, 2002 at 09:12:47PM +0100, Ben Laurie wrote:
| Adam Shostack wrote:
| >On Wed, Oct 02, 2002 at 04:54:54PM +0100, Ben Laurie wrote:
| >| Lucky Green wrote:
| >| >I also agree that current MTAs' implementations of STARTTLS are only a
| >| >first step. At least in postfix, the only MTA with which I am
| >| >sufficiently familiar to form an opinion, it appears impossible to
| >| >require that certs presented by trusted parties match a particular hash
| >| >while certs presented by untrusted MTAs can present any certificate they
| >| >desire to achieve EDH-level security.
| >|
| >| This is probably a stupid question, but... why would you want to do this?
| >
| >So that your regular correspondents are authenticated, while anyone
| >else is opportunistically encrypted.
|
| ??? How does checking their MTA's cert authenticate them? What's wrong
| with PGP sigs?

Consistency with last time.

What's wrong with PGP sigs is that going on 9 full years after I
generated my first pgp key, my mom still can't use the stuff.

Sure, you and I can use PGP, but by and large, people don't bother.
So let's look at a technology that's getting accepted, and improve it
slowly.

Adam

--
"It is seldom that liberty of any kind is lost all at once."
                                               -Hume
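The receiving-side policy discussed in this thread, sketched as an added example that is not part of the original messages and is not code from postfix or any other MTA: peers with a configured certificate hash must match it, everyone else is encrypted opportunistically and checked for consistency with the previous session. The class and function names, the SHA-256 fingerprint and the pin-table format are assumptions made for illustration.

```python
import hashlib
from enum import Enum


class Verdict(Enum):
    AUTHENTICATED = "pinned peer, certificate matches a configured hash"
    REJECT = "pinned peer, certificate does not match"
    FIRST_SEEN = "unpinned peer, encrypted only, fingerprint recorded"
    CONSISTENT = "unpinned peer, same certificate as last time"
    CHANGED = "unpinned peer, certificate differs from last time"


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate (hash choice is an assumption)."""
    return hashlib.sha256(der_cert).hexdigest()


class PeerPolicy:
    def __init__(self, pins):
        # pins: hostname -> iterable of accepted fingerprints (hypothetical format)
        self.pins = {h.lower().rstrip("."): set(f) for h, f in pins.items()}
        self.seen = {}  # hostname -> fingerprint recorded on first contact

    def check(self, peer: str, der_cert: bytes) -> Verdict:
        peer = peer.lower().rstrip(".")
        fp = fingerprint(der_cert)
        if peer in self.pins:
            # Trusted party: fail closed, never fall back to opportunistic mode.
            return Verdict.AUTHENTICATED if fp in self.pins[peer] else Verdict.REJECT
        if peer not in self.seen:
            self.seen[peer] = fp
            return Verdict.FIRST_SEEN
        # The first fingerprint is kept, so a swapped certificate stays flagged
        # until an operator decides what to do with it.
        return Verdict.CONSISTENT if self.seen[peer] == fp else Verdict.CHANGED


# Constructed stand-ins for DER certificate bytes, not real certificates.
PARTNER_CERT = b"constructed-der-bytes-partner"
OTHER_CERT = b"constructed-der-bytes-other"

if __name__ == "__main__":
    policy = PeerPolicy({"mx.partner.example": [fingerprint(PARTNER_CERT)]})
    for host, cert in [("mx.partner.example", PARTNER_CERT),
                       ("mx.partner.example", OTHER_CERT),
                       ("mail.stranger.example", OTHER_CERT),
                       ("mail.stranger.example", OTHER_CERT),
                       ("mail.stranger.example", PARTNER_CERT)]:
        print(host, "->", policy.check(host, cert).name)
```

CHANGED is reported rather than rejected because, under the policy described in the thread, unpinned MTAs may present any certificate; the flag is for the operator or the logs.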