Daniel Dreymann wrote: > > CertifiedEmail is a third- party signature system. First we accredit > senders to establish wether they are good players with a good email > reputation. Then, once they are accredited, we certify *individual* > messages,
But this initial accreditation is done once. > i.e. senders request > a "token" which includes our signature for every message they desire > to send. This provides us with real-time control which is necessary to > ensure CertifiedEmail is not abused. If I understand this correctly this is a privacy night-mare BTW... > CertifiedEmail has built-in real-time security > mechanisms not available to a bless-and-forget CA. Well, it really depends on whether, why and how quick you revoke the initial accreditation. So the same authenticity issues arise like with what you call a "bless-and-forget CA". It depends on the security measures really deployed, during the whole certification lifecycle. And yes, unfortunately I also mistrust some of the CAs out there. But this is not a technical issue and therefore cannot be solved by yet another digital signature format/protocol. Ciao, Michael. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
