why OpenPGP is preferable to S/MIME (Re: NAI pulls out the DMCA stick)
adam at cypherspace.org
Thu May 23 13:58:48 PDT 2002
On Thu, May 23, 2002 at 03:05:49PM -0400, Adam Shostack wrote:
> So what if we create the Cypherpunks Root CA, which (either) signs
> what you submit to it via a web page, or publish the secret key?
This won't achieve the desired effect because it will just destroy the
S/MIME trust mechanism. S/MIME is based on the assumption that all
CAs are trustworthy. Anyone can forge any identity for clients with
that key installed. S/MIME isn't really compatible with the web of
trust because of the two tier trust system -- all CAs are
assumed trustworthy and all users are not able to sign anything. By
issuing a key and revealing its private key, you elevate a rogue user
to being a CA and then the system would be broken.
> We then get the Cypherpunks Root CA key added to the browsers--it
> can't be that hard, the US postal service managed it...
I think you'd have to do it in reverse to stand a chance if you
literally published the private key -- they're never going to add the
public key for a known compromised private key. Also it costs lots of
money, and takes some time to take effect.