On Fri, 24 May 2002 17:13:18 +1200 (NZST), "Peter Gutmann" <pgut001@cs.auckland.ac.nz> said:

"contrary" <contrary@fastmail.fm> writes:

...

As long as you obtain your S/MIME certificate from an apporved CA, using an approved payment method and appropriate identification.....

The only CA-issued certs I've ever used were free, and under a bogus name. Usually I just issue my own. You really need to find a better strawman than this if you want to criticise S/MIME.

Peter.

OK, likewise. But I guess my point (if I had one) is that regardless of technical, usage, privacy and trust issues there is also one of linkage between a nym and meatspace. With pgp, it's easy to generate a new keypair, label or sign it anyway I care to, and exchange and use it for a single interaction. Relatively easy. (Joe Sixpack-'O-Bass-Ale) S/MIME certificates (by which I may just mean commercial CA's) seem mostly directed at strong authentication for commerce, and lean heavily toward linking to a credit card, driver's license number, or credential. This is a Good Thing for cryptography and for commerce, but not for 'nymity. Also not for "undeclared privacy" which is privacy that occurs below the attention threshold and without the permission of the censors. -- contrary contrary@fastmail.fm -- Access all of your messages and folders wherever you are! http://fastmail.fm - Get your mail using the web or your email software