PGP, Inc.

E. ALLEN SMITH EALLENSMITH at ocelot.Rutgers.EDU
Mon May 6 23:04:37 PDT 1996


From:	IN%"raph at cs.berkeley.edu"  "Raph Levien"  5-MAY-1996 13:47:16.83

>   "Observers say SMIME's capabilities will let it replace software
>   based on the PGP code, which is widely used. Unlike SMIME, which uses
>   a structured certificate hierarchy, PGP relies on pre-certification
>   of clients and servers for authentication, a limitation SMIME doesn't
>   face."

	Can one use a web-of-trust for S/MIME, for the cases when a structured
hierarchy is exactly the _wrong_ thing to use? I'd think so, but I don't know
anything about it.

>   Thus, it's a reasonable guess that almost all S/MIME messages that
>pass through the wires will offer "virtually no protection," to quote a
>phrase from a paper co-authored by the principal designer of S/MIME's
>encryption algorithms
>(http://www.bsa.org/policy/encryption/cryptographers.html).

	A public breaking of some S/MIME messages would work to discourage
this unsafe mechanism. One wonders if PGP Inc. could sponsor some variety of
contest?
	-Allen





