-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Brant,
> The problem with the public key cryptography system is that it is
> commercial. That is, I have to pay money for a personal key. If
> personal keys came with a computer system, then I believe it would catch
> on for the client side of things. Until that happens, forcing a compuer
> to not only get a personal key, but also pay for it, will not work. If
> things work without paying the money, why should the client pay the money.
I would like to contradict to that.
There are some "non-monetary" approaches for public key systems,
that clearly provide an even better "trust" than that of commercial solutions
(e.g. something like thawte's Web Of Trust or multiple signed PGP keys).
The "public key cryptography system" is definitely *not* inherently
commercial. The question how "trust" can be established is not connected
to any technical solution or to cryptography, but rather sociological.
(That means that I personally would trust a key signed by 20 acquainted people
more than a "buyed" one authorized by some obscure commercial institution and
I am *very* sure that I am not alone with this attitude).
- From a cryptographic (and thus "technical") point of view, the public key
system currently is superior to any other known solution. That's the reason
why it *should* be chosen to implement the "technical" backbone to base
personal "trust"-relationships on. The fact that some few forsighted companies
exploit the general lack of "trust" within the context of the web, is clearly
not an argument against using an unsurpassed methodology for authentication.
Kind regards
Ingo Struck
- --
ingo_at_ingostruck.de
Use PGP: http://ingostruck.de/ingostruck.gpg with fingerprint
C700 9951 E759 1594 0807 5BBF 8508 AF92 19AA 3D24
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
iD8DBQE/JChnhQivkhmqPSQRAg9+AKDdOCRT5Uyu9QBuv2NbKpJenOsUhACeIZN8
CtE1eloRS+iLeQIlvow97tI=
=n5n6
-----END PGP SIGNATURE-----
Received on Jul 27 2003
Intro
