Anders Rundgren wrote, On 2008-11-23 09:15:
> Nelson B Bolyard wrote:
>>> I want each organization/domain entity that can afford an SSL certificate
>>> to become a virtual CA and run their own secure messaging center.
>
>> Why SSL certs? Why not email certs?
>
> Could it be the fact that the SSL PKI exists?

So does email PKI. I use it every day.

> Email certs are a nice idea that requires that organizations buy into something
> like VeriSign's OnSite concept or into completely bizarre stuff like the US
> FBCA.

Uh, no. Nearly all of the CAs in Mozilla's root list offer email certs. You can get one from StartCom for free.

>> The IM service I mentioned before allows users to use certs from any CA.
>> Each user's client decides which certs are acceptable, not the service.
>
> Oops! *My* targets are users that do not know what a certificate is!

That's fine, since it trusts all of Mozilla's trusted roots by default, so the user doesn't need to take any action to trust a reasonable set of CAs. The point is that the user CAN if he so chooses.

Cert issuance could be done as part of registration for the service. You just don't want the CA to be controlled by the ISP, or you're begging for MITM. Numerous large ISPs are now making no secret about their MITM intentions. Google for Phorm or NebuAd.

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto