bye bye ViaCode

[Adrian Midgley]

On Saturday 08 June 2002  4:38 pm, you wrote:

> I suppose my point is not so much that WoT couldn't be done, as much as
> that it would be a lot of work.  It would also need commitment from
> everyone who was to be part of it, or it wouldn't work.  With
> centralised key management, at least you know everyone ought to have a
> key that you can trust.  Bearing in mind this disadvantage of the WoT,
> I'm curious to know what you see as the advantages.

You have met our central (key) management?
I don't see that if someone is careless to the extent that I wouldn't tru=
st=20
their signature on another key (something I can reflect in how I use my=20
software) that I can rely on their key having been kept secure ater it is=
=20
issued by the central authority.

> Following on from Ross's point, I suppose the question is what you are
> trying to create. =20

I'd like to know that notes made and sent to me cannot be repudiated, and=
=20
that notes I send to someone else cannot be read before they get there.

> I've never seen a certificate that says someone is trustworthy, only on=
e
> that certifies someone's personal attributes (name, address, department=
,
> whatever).

Right.  But I think the assumption is that if I get a request to encrypt =
your=20
notes against a key for Dr J Smith Darlington Memorial Casualty Dept, and=
=20
send them to the address given, that I am going to _trust_ that this pers=
on=20
is fit and proper, and of course that this key is theirs and nobody else'=
s.


--=20
=46rom one of the Linux desktops of Dr Adrian Midgley=20
http://www.defoam.net/            =20