[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Does the problem need solving?

Even though we have gone well over a decade without an interoperable solution, I think we got here mostly through applied denial and kludges. One result of that has been that organizational users of PKI are stuck with having to live with the trust decisions made by their OS vendors, their applications vendors, or both. Another is that people have been trained to click through the "this cert is not signed by a trusted root" dialog because it is too hard for an enterprise to push their desired trust anchors to their employees.

I would argue in favor that the problem needs solving. I hope that there is also a critical mass of people who care enough about the future of the PKI user experience to do the work.

Can we get a clear statement of what the problem is?

I think I can infer it -- that browsers and other software that have to supply some set of roots do so ad hoc. There's no unified mechanism to specify what the collected set of roots is.

Is that the problem? Am I even close? I think having a clear problem statement should be a prerequisite to having a BOF, myself. Without this, we're guaranteed that the outcome will not have focus.

I have a lot of other questions, but they presuppose I understand the problem statement, and I don't know that I do.


Jon Callas
PGP Corporation         Tel: +1 (650) 319-9016
3460 West Bayshore      Fax: +1 (650) 319-9001
Palo Alto, CA 94303     PGP: ed15 5bdf cd41 adfc 00f3
USA                          28b6 52bf 5a46 bc98 e63d