[standards-jig] XML Encryption
mass at akuma.org
Mon Mar 18 22:39:17 UTC 2002
dirkx at covalent.net wrote:
>Trust is not absolute. In a lot of deployment worlds certain levels of
>trust are enough - and do not need a corperate CA to be part of the chain.
>What I am referring to is that if I get a signed message with a public key
>inside it from Mr X - and I do not really know him - over time as I
>communicate with him under that key - and perhaps using secondary hints
>such as DNS resolving right, his web site, his email - I get a practical
>enough trust relation. It is not perfect - it is good enough.
Right - and one of the issues becomes that this trust is not
application-specific, and this should really be handled by an external
tool. I've only messed with two tools which do this - one was called
'PGP', and the other 'gnupg'.
More information about the Standards