Eric Burger wrote: > > Here I agree. [The value of discourse] > > 1. We already offer https, so if you want to go https, you can. > > 2. We should figure out a way of signing > (and doing the appropriate PKI) documents. The fact we think > we cannot says we basically say NO ONE can trust the Internet. > I am willing to believe S/MIME with a known set of roots is a start. > > Do we really believe #2 is not a solvable problem? If it is not > solvable (or solved), we are totally hosed. Forget it, S/Mime and PKI(X) is a dead end road for longterm signatures on documents. While it might be OK for I-Ds for their official 6-month validity period, it is useless for RFCs, which often have a 10+ years lifetime. Long beyond the lifetime of certificates and the willingness of CAs to respond to revocation status queries. -Martin