I believe it was Phil Zimmermann, father of PGP, who exclaimed widely and wisely that ...the second you involve a third party is the same second you lose the surety of privacy.
CAs are third parties. In a for profit monetized X509 space, certificate escrow and its variants is a quiet fact.
PGP never needed third parties, though in their day the key ring servers were considered administratively challenging -- a hurdle that likely would have been overcome had PGP gotten to the critical mass tipping point.
/S
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience.
Last edited by s2scott; 22nd February 2012 at 03:12 AM.
Reason: Spelling
|