[standards-jig] XML Encryption

David Waite mass at akuma.org
Mon Mar 18 22:39:17 UTC 2002


dirkx at covalent.net wrote:

>Trust is not absolute. In a lot of deployment worlds certain levels of
>trust are enough - and do not need a corperate CA to be part of the chain.
>
>What I am referring to is that if I get a signed message with a public key
>inside it from Mr X - and I do not really know him - over time as I
>communicate with him under that key - and perhaps using secondary hints
>such as DNS resolving right, his web site, his email - I get a practical
>enough trust relation. It is not perfect - it is good enough.
>
Right - and one of the issues becomes that this trust is not 
application-specific, and this should really be handled by an external 
tool. I've only messed with two tools which do this - one was called 
'PGP', and the other 'gnupg'.

-David Waite




More information about the Standards mailing list