why OpenPGP is preferable to S/MIME (Re: NAI pulls out the DMCA stick)

Adam Back adam at cypherspace.org
Thu May 23 13:58:48 PDT 2002

On Thu, May 23, 2002 at 03:05:49PM -0400, Adam Shostack wrote:
> So what if we create the Cypherpunks Root CA, which (either) signs
> what you submit to it via a web page, or publish the secret key?

This won't achieve the desired effect because it will just destroy the
S/MIME trust mechanism.  S/MIME is based on the assumption that all
CAs are trustworthy.  Anyone can forge any identity for clients with
that key installed.  S/MIME isn't really compatible with the web of
trust because because of the two tier trust system -- all CAs are
assumed trustworthy and all users are not able to sign anything.  By
issuing a key and revealing it's private key, you elevate a rogue user
to being a CA and then the system would be broken.

> We then get the Cypherpunks Root CA key added to the browsers--it
> can't be that hard, the US postal service managed it...

I think you'd have to do it in reverse to stand a chance if you
literally published the private key -- they're never going to add the
public key for a known compromised private key.  Also it costs lots of
money, and takes some time to take effect.


More information about the cypherpunks-legacy mailing list