To:
Steve Hanna <steve.hanna@sun.com>
Cc:
Ted.Hardie@nominum.com, keydist@cafax.se
From:
Simon Josefsson <simon+keydist@josefsson.org>
Date:
Fri, 04 Jan 2002 20:36:03 +0100
Delivery-Date:
Fri Jan 4 20:37:42 2002
In-Reply-To:
<3C35FF0A.5B59F951@sun.com> (Steve Hanna's message of "Fri, 04Jan 2002 14:14:18 -0500")
Sender:
owner-keydist@cafax.se
User-Agent:
Gnus/5.090005 (Oort Gnus v0.05) Emacs/21.1.50(i686-pc-linux-gnu)
Subject:
Re: From whence we came...
Steve Hanna <steve.hanna@sun.com> writes: >> I'm personally interested in the kinds of things the FreeS/WAN folks >> are doing, and I see some application in things like secure MTA-MTA >> communication (particularly in the context of Internet Fax). > > For FreeS/WAN and other opportunistic encryption systems, a single > global trusted root may be OK. In fact, any sort of trust model is > OK. You don't care too much whether you have the right person or > who you have to trust to get that person's public key, you just > want to encrypt your traffic. But this isn't true for most systems. To make "don't care too much" a bit more specific: If you trust in DNSSEC it guarantees that the information I use is what the holder of the domain name I want to contact wants to be published. This is as much as you reasonably can ask without knowing more about the domain you wish to talk to.