From: Jean-Marc Desperrier (jean-marc.desperrier@certplus.com)
Date: Tue Jan 21 2003 - 14:37:47 CST
Brad Templeton a écrit:
> digital signature allows you to completely rethink that, to split
> the authentication and tracing problem away from the transport system.
[...]
> So I challenge you -- why, with a signed article, do we need
> what is traditionally thought of as an injector at all?
Brad, a certificate _enables_ you do get that, but it does not _provide_
you that.
It would not be the transport system system that does authentification
and tracing, because that would be done by the CA that emitted the
certificate.
But a CA that can do that for anybody, securely and for free, does, and
can not exist, so what you describe is a dream.
It could exist if every ISP would deliver free anonymous (but linked to
an internal ID) certificates to it's clients, and the injector could
access a public, trusted list of the CA of reputables ISP before
accepting the message. We're very, very far from that.
It would be possible to have an extra-header that lists the headers that
are signed. Or encapsulation. But encapsulation is not always mail-safe.
PS :
Am I the only one who changes the titles on this list ?
I set the original title of this thread, but it had nothing more to see
with it in the last message.