>> This is probably due to the fact that these efforts are not based on what >> the US government needs but what the Internet community needs.
>I fail to see who exactly "the Internet community" is. Maybe that's the >reason I don't understand the problem. I don't claim to be the definer of this term so I can only give examples that shows what *I* refer to. S/MIME is a scheme that has failed to deliver value except in local communities. I.e. a typical US government solution. DKIM is a transparent signature scheme that in spite of being 10 years too late is already securing many more messages than S/MIME. The German e-invoice scheme is another example of extreme misuse of technology that will forever (=until the current generation of security experts retire...) make PKI.DE a very expensive and complex solution. I note (with mixed feelings) that some Swedish companies have found a profitable niche by offering support for German e-invoices which among many things involves stacks smart cards emulating an office filled with invoice clerks. We somewhat more lazy people just put a single non- personal certificate (like a Verisign web-server cert) and a key in a HSM to sign outgoing invoices which scales globally without requiring monstrosities like Bridge CAs.. Anders _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto