[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPsec near term work
Steve:
One of the ideas is that anonymity should be available. The fact that
there is a name on an key doesn't mean anything unless you have a
proper certification on that name... Also, in this case, the lack of
a name subordination rule is a big win. I can think of a number of
cases where this model wins highly over a strict CA hierarchy. If you
want, I can explain one posibility, but I won't belabor the point
unless people want to hear it.
> Also, because PGP has no CL facility, the result also would not be
> comparable to the PEM system, so I think it potentially misleading to
> characterize the PEM model as a strict subset of the PGP model.
Well, besides the fact that we are discussing the Web-of-trust, not
"PGP" (PGP is a program that implements a cryptographic protocol and a
web-of-trust certification model), I was wondering what you mean by
"CL".. I couldn't find this term in any of the RFC's, and I don't know
what you mean by this. Are you talking about a Revocation? Please
expand the acronym "CL", if you don't mind.
-derek
Follow-Ups:
References: