why there is no WoT in S/MIME (Re: PGP & GPG compatibility)

[Adam Back]

The fact that S/MIME doesn't work well with WoT, and that there are
two classes of users: end users, and CAs is a design criteria burnt
into the spec and most of the software.  It's a business issue, the CA
players were involved in writing the standards, and they have a vested
interest to force users into paying them money to use the software.
It's also a factor why most of the statistic of users with S/MIME MUAs
aren't using it.  I think S/MIME would be more widely used by
individuals if the end-user software worked without CA certificates
and preferably supported some form of WoT.

Adam

On Sun, Feb 10, 2002 at 11:28:04PM -0500, Russell Nelson wrote:
> Well, one of the things that PGP/GPG/OpenPGP got right is the web of
> trust model.  Given that model, there is nothing preventing someone
> from imposing a certificate authority on top of that web.  On the
> other hand, I know of know way to make S/MIME work without a
> certificate from an authority.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com