[messaging] Thoughts on keyservers
Bruce Leidl
bruce at subgraph.com
Mon Aug 18 09:14:36 PDT 2014

On Mon, Aug 18, 2014 at 11:16 AM, Mike Hearn <mike at plan99.net> wrote:
> Hi Bruce,
>
> Nyms looks cool. It'd be nice if the website contained a more explicit
> comparison against S/MIME and the existing PKI, as in many ways it sounds
> quite similar structurally, just with different wire protocols.

S/MIME might seem attractive because it's already well supported by
most email clients, but also baked into every S/MIME client is the
legacy of X.509 certificate authorities. Replacing the trust model
with an improved system would seem to require rewriting the S/MIME
implementation in every client. I've also never understood how keys
are supposed to be distributed for global communication in S/MIME or
if there's even a standard way to do this.

I mainly chose OpenPGP over S/MIME because I can extend it without
depending on CAs to not reject certificates with new features and
because I don't really understand everything about the behavior of
existing S/MIME clients. Either way, I think throwing (mostly)
everything away and starting over is going to be necessary.

btw, Phillip Hallam-Baker is working on an S/MIME based system which
also requires plenty of new infrastructure:
http://prismproof.org/resources.html#specifications

--brl