Re: The future will be easy to use
There is more to this problem than how it is that I trust the key. There is also what I trust it for. ... It is hard to see how to record the information about how much I trust the recipient's systems security.
Bingo! This is one of the hard parts of certificate authorities; just what are you attesting to? The American Bar Association has a big document for public review that addresses what this might mean; there are a couple of RFCs that specify CA policies (one from COST in Sweden, I think), and RSA and/or Verisign will give you their policy in hardcopy. In X.509v3 certificates, there is an extensible field where the key-signer can put arbitrary data. The intent is apparently that you put the ISO object-ID (you know, those funny 1.3.2.11.... numbers) of the policy document. There is, of course, no way to interpret the semantics of this electronically. It will be interesting to see how various companies address this issue, for example as they start to support arbitrary CAs in browsers or servers while doing commerce over the web. /r$
I've found mkpgp to be a very useful tool, and an easy to use add on for 'pine' and pgp. But for those that prefer a GUI E-Mail application, I think it would be great if Netscape were to integrate some more security in that portion of their navigator. Or perhaps a third party could add this in by creating a PGP 'Plugin' for Netscape...
participants (2): Laszlo Vecsey, Rich Salz