Re: Status of RFC2440

[Werner Koch <wk@xxxxxxxxx>]

On Wed, 20 Oct 2004 11:38:04 +0100, Ian Grigg said:

> Oh, indeed.  BTW, do you have any statistics on that?

Sorry no.  I have not seen that companies publically announce that
they now use encryption for their communication; probably because
everyone would expects that communication is held confidential.

> a third is reputation.  Both of these are relatively
> well served by the OpenPGP's web of trust, but they
> are being ignored.  Meanwhile, a lot of companies

There are no widely used applications to support OpenPGP for that.  I
know one TLS implementaion capable of using OpenPGP keys but the usual
web clients don't support it. 

It would be easy to use this with ssh and I expect to see it in the
near future.

> normally start with "why o why is there no button to
> generate a self-signed x.509 key and start using it?"

Even worse: My jabber client complains about self-signed certificates
instead of displaying its fingerprint once for verification.

> But, to underscore my earlier point, mail is not where
> it's at.  Traffic is moving to chat, and there is a
> chance to re-engineer the comms architecture, as chat

Although I don't like chat things very much, you are probably right.


Salam-Shalom,

   Werner