[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Example: PGP-aware mailer

At 06:04 PM 4/5/96 -0500, Rich Salz wrote:
>>First, we would have Eudora automatically recognize the signed message and
>>extract KeyID and signature.  It would look up the KeyID and, if it has the
>>key or can find it, check the signature.
>     ^^^^^^^^^^^^^^
>I believe that addressing that last sentence, where you've conveniently
>left the implementation undefined, is one of the major goals of the various
>PKI efforts.

I didn't think I was leaving it undefined.  I think that part of the problem
is really easy.  The information is on the net, so you find it by URL or DNS

But you're right.  That's what most CAs try to offer...a database of signed
objects.  In the days before the net, that was something of value (a central
database).  With people on the net, I believe there is little value added in
providing a database service.  There's some value -- but it's so easy to do
and can be done as a free public service (e.g., the MIT PGP key server) so I
see little $ value to the service, certainly too little to warrant starting
a company.

|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091              Tel: (703) 620-4200                         |