* John C Klensin wrote: >Perhaps I'm missing something, but it seems to me that, if one >is willing to rely sufficiently on the email system to say "this >will get to the intended person (or at least mailbox), and, if >it does, the person who opens it will either have the relevant >key to be able to read it or not and, if they don't that is ok", >then all that is needed is a self-signed key (or self-signed >X.509 cert). You do not need keys or certificates in that scenario. >Again, with either PGP or S/MIME (and X.509) with a self-signed >cert or key, authentication is not needed to start using >encryption, only a (perhaps implicit) belief on the part of the >sender that, if the recipient can advertise a public key, it >probably has the private one and that the key-advertiser is not >the proverbial entity-in-the-middle. Without entities in the middle, encryption is unnecessary. -- Björn Höhrmann · mailto:bjoern@xxxxxxxxxxxx · http://bjoern.hoehrmann.de Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/