[standards-jig] XML Encryption
temas at box5.net
Mon Mar 18 18:36:42 UTC 2002
Yes, I agree, it's hard to have an end all absolute answer, and with
trust it probably is not even possible. Most of what you describe
strikes me as key receipient details that they would have to implement
(mostly clients). I guess the question then is, do we just make a
simple IQ for public key exchange? XKMS would probably work for true
public key systems, but we might just need something basic for normal
On Mon, 2002-03-18 at 12:29, dirkx at covalent.net wrote:
> On 18 Mar 2002, Thomas Muldowney wrote:
> > We can't place trust in the servers, we can't place trust in a major 3rd
> > party in a highly distributed system, and we can't trust the users.
> > Where's the trust?
> Trust is not absolute. In a lot of deployment worlds certain levels of
> trust are enough - and do not need a corperate CA to be part of the chain.
> What I am referring to is that if I get a signed message with a public key
> inside it from Mr X - and I do not really know him - over time as I
> communicate with him under that key - and perhaps using secondary hints
> such as DNS resolving right, his web site, his email - I get a practical
> enough trust relation. It is not perfect - it is good enough.
> So really what I want is trust tracking and building tool. Absolutes are
> not that needed.
> I have the same when I walk into a shop and pay by credit card. Is the
> shop real, is the guy behind the counter actually in the employ and no
> imposter, can he or she be trusted, is the credid card swiping device real
> ? Chances are that they are real enough for me - and there is the credit
> card rules of engagement to back it up.
> Would I buy a house with a credit card without checking in the land
> register or kadaster/cadastrale if the owner is the owner - propably not
> Standards-JIG mailing list
> Standards-JIG at jabber.org
More information about the Standards