X.509 / PKI, PGP, and IBE Secure Email Technologies

James A. Donald jamesd at echeque.com
Thu Dec 15 14:36:26 EST 2005


    --
From:           	Werner Koch <wk at gnupg.org>
> You need to clarify the trust model.  The OpenPGP
> standard does not define any trust model at all.  The
> standard merely defines fatures useful to implement a
> trust model.

"Clarifying the trust model" sounds suspiciously like
designers telling customers to conform to designer
procedures.  This has not had much success in the past.

People using PGP in practice verify keys out of band,
not through web of trust.

People using https tend to click through. 

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     9zzvV5qgyWeB4uTJn5vTjFtKeouMk46hiM0EN7Q+
     4CKg4nhwvcBjl855xVUXY5XMP46ZdvXoOl8Wu0Hyb



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list