At 10:41 AM 3/6/00, Lucky Green wrote:
>Should your complaint center around the fact that the S/MIME cert will show
>up as invalid in the user's S/MIME client until the cert has been manually
>marked as valid by the user, well, the same holds true for PGP "keys" that
>don't carry signatures you consider valid. So, no, neither S/MIME nor PGP
>certs remove from the user the burden to at least at one point in the
>process make decisions about trust.

And that's a feature, not a bug. "Trust" (the term should be "reliance", as 
trust is an emotional state - reliance is a legal relationship, which is 
what's being sought here) must be configurable and visible to the party 
who's doing the relying. That may not be the "end user" where that means a 
temp worker or minimum-wage data entry clerk; but it should certainly be an 
identifiable human being within their organization who's deliberately 
choosing to balance risk and cost, not a sysadmin installing a technical 
artifact.
