At 4:07 PM -0400 6/19/07, Tim Polk wrote:
If you look at the goals specified in the introduction of draft-narten-successful-bof-02.txt, we will be concentrating on the first two:demonstrate that the community has agreement that: - there is a problem that needs solving, and the IETF is the right group to attempt solving it. - there is a critical mass of participants willing to work on the problem (e.g., write drafts, review drafts, etc.)
Even though we have gone well over a decade without an interoperable solution, I think we got here mostly through applied denial and kludges. One result of that has been that organizational users of PKI are stuck with having to live with the trust decisions made by their OS vendors, their applications vendors, or both. Another is that people have been trained to click through the "this cert is not signed by a trusted root" dialog because it is too hard for an enterprise to push their desired trust anchors to their employees.
I would argue in favor that the problem needs solving. I hope that there is also a critical mass of people who care enough about the future of the PKI user experience to do the work.
--Paul Hoffman, Director --VPN Consortium